Error: HttpError: Resource not accessible by integration Stack: HttpError: Resource not accessible by integration

[timnolte]

When people open up Pull Requests from a fork my unit testing step fails with the following error. Pull requests opened from branches within the same repository work fine.

Error: HttpError: Resource not accessible by integration Stack: HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/lucassabreu/comment-coverage-clover/main/bin/index.js:85179:21
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

[lucassabreu]

hi @timnolte can link the workflow or copy and paste it here for me to look into it?

[timnolte]

Here is the workflow:

https://github.com/oidc-wp/openid-connect-generic/blob/develop/.github/workflows/pr-unit-testing.yml

Here is a recent failure on a PR from a fork:

https://github.com/oidc-wp/openid-connect-generic/actions/runs/8290877284/job/22689633198#step:7:1

[samliu999]

same issue here

[lucassabreu]

hi @samliu999 @timnolte

sadly this looks like a limitation that github puts on the default tokens, where workflows running on forks will only have read permissions.

because of that this error is thrown when the action tries to comment (write) on the pull request.

you can still see the report on the step summary, and min/max rules will still affect the pull request.
https://github.com/oidc-wp/openid-connect-generic/actions/runs/8290877284#summary-22689633198

if you really need the comment, then you could use a PAT, but that become a risk because of the repo access that is required to comment.

---

i tried to explain this here (i would appreciate if y'all reviewed the text):

comment-coverage-clover/README.md

Lines 159 to 171 in c7597f6

	Restrictions on Forks
	---------------------
	Github Actions [imposes higher Restrictions on workflows triggered from forks in public repositories][fork],
	where the default token generated will have only read permissions.
	Because of that when this Action is run on pull requests from forks no comment will be created with the
	coverage report, instead the report will only be shown at the steps summary.
	
	If comments on pull request from forks are required for your workflow a [PAT](pat) can be used, but be aware
	that doing that may open the owner of the PAT to the malicious intentions of the internet.

---

i also added a new option on the action called skip-comments-on-forks so it won't even try to comment if set to true.

[timnolte]

Ah, OK, I sort of suspected that this could be related to GitHub permissions and requiring the use of a PAT. I like the idea of having the skip on forks option. This would allow us to keep the action in place and still get some value out of it. I was wanting to reduce the need for external services so was going to drop considering the use of CodeCov.

[lucassabreu]

i created a new release with the changes, if you spot some problem or anything reach again