viktorsomogyi commented on PR #15115: URL: https://github.com/apache/kafka/pull/15115#issuecomment-1877217071
@mumrah @divijvaidya, the script just edits the PR body, it won't touch the commit itself. I discovered yesterday that this PR also already runs the action, however it failed with something (quotation issue). While fixing it, I discovered that by default the GH token doesn't permit getting user details (in my experiments on my own forks it wasn't an issue because likely it's my own). I worked this out in #15123. The run for this is https://github.com/apache/kafka/actions/runs/7410908203/job/20164210753?pr=15123. It says the following: ``` Run user_json=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-[1](https://github.com/apache/kafka/actions/runs/7410908203/job/20164210753?pr=15123#step:3:1)1-28" users/viktorsomogyi) GraphQL: Resource not accessible by integration (updatePullRequest) Error: Process completed with exit code 1. ``` The first line shouldn't deceive you, it's just the first line of the script. I think the error is that pull requests from forks doesn't have a write token for pull requests. I tried setting that and everything else to write in #15123 but according to the logs it doesn't apply. Also I found this in the documentation ([here](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token)): > You can use the `permissions` key to add and remove read permissions for forked repositories, but typically you can't grant write access. The exception to this behavior is where an admin user has selected the Send write tokens to workflows from pull requests option in the GitHub Actions settings. For more information, see "[Managing GitHub Actions settings for a repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks)." Do you think we can change this? We'll probably need an admin for the repo, I'm just a simple member and can't do anything basically. I'll try to work this out in my own repo (will ask someone to create PRs against it 😄) and see if I can find the exact setting. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
