Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add repository-projects:read to release job token #501

Merged
merged 1 commit into from
Sep 21, 2022

Conversation

dfarrell07
Copy link
Member

After #470, the release GitHub Action workflow is failing to add labels to PRs.

gh pr edit --add-label e2e-all-k8s \
https://github.com/submariner-io/submariner/pull/2032
GraphQL: Your token has not been granted the required scopes to execute
this query. The 'login' field requires one of the following scopes:
['read:org'], but your token has only been granted the:
['admin:repo_hook', 'delete:packages', 'notifications', 'repo',
'workflow', 'write:discussion', 'write:packages'] scopes. Please modify
your token's scopes at: https://github.com/settings/tokens.
INFO: Didn't label 'e2e-all-k8s', continuing without it.

The only explination I can find of that permisson is:

read:org Read org and team membership, read org projects

I can also see that permission is a subset of admin:org. It seems to be different than read:project Read access of projects somehow.

It's not clear which GITHUB_TOKEN permisison we can set relates to those token permissions.

docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

It doesn't seem possible set all permissions to read and only some to write, as setting any specific permission overrides read-all.

For now, trying the only permission that seems even vaguely related.

Signed-off-by: Daniel Farrell [email protected]

After submariner-io#470, the release GitHub Action workflow is failing to add labels
to PRs.

```
gh pr edit --add-label e2e-all-k8s \
submariner-io/submariner#2032
GraphQL: Your token has not been granted the required scopes to execute
this query. The 'login' field requires one of the following scopes:
['read:org'], but your token has only been granted the:
['admin:repo_hook', 'delete:packages', 'notifications', 'repo',
'workflow', 'write:discussion', 'write:packages'] scopes. Please modify
your token's scopes at: https://github.com/settings/tokens.
INFO: Didn't label 'e2e-all-k8s', continuing without it.
```

The only explination I can find of that permisson is:

> read:org Read org and team membership, read org projects

I can also see that permission is a subset of admin:org. It seems to be
different than `read:project Read access of projects` somehow.

It's not clear which GITHUB_TOKEN permisison we can set relates to those
token permissions.

docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

It doesn't seem possible set all permissions to read and only some to
write, as setting any specific permission overrides read-all.

For now, trying the only permission that seems even vaguely related.

Signed-off-by: Daniel Farrell <[email protected]>
@dfarrell07 dfarrell07 added the bug Something isn't working label Sep 21, 2022
@dfarrell07 dfarrell07 self-assigned this Sep 21, 2022
@submariner-bot
Copy link

🤖 Created branch: z_pr501/dfarrell07/repository-projects_read

@skitt skitt merged commit 4b5d185 into submariner-io:devel Sep 21, 2022
@submariner-bot
Copy link

🤖 Closed branches: [z_pr501/dfarrell07/repository-projects_read]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants