I’m trying to create a GitHub Action that searches all PRs in our repository with a specific label. The API call returns the correct result when running it locally with my personal access token, but in the action it seems to get no results.
The default workflow permissions are "Read and write".
This is the action code:

    name: Cleanup deploy-in-dev label
    on:
      workflow_dispatch:
      schedule:
        - cron: "15 1 * * *"
    jobs:
      cleanup:
        runs-on: ubuntu-latest
        steps:
          - name: Search label deploy-in-dev
            run: |-
              curl \
                -H "Accept: application/vnd.github+json" \
                -H "Authorization: Bearer ${GITHUB_TOKEN}" \
                -H "X-GitHub-Api-Version: 2022-11-28" \
                "https://api.github.com/search/issues?q=repo:private-org/example+is:pull-request+is:open+label:deploy-in-dev" \
              | grep "\"number\":" \
              | sed 's/.*"number": \([0-9]*\),/\1/g' \
              | while IFS= read -r pr_number; do
                echo "Found pr with label with pr number ${pr_number}"
              done

Could this be a permission error or am I missing something else?

2 Answers

I did not use the GITHUB_TOKEN correctly. It needs to be ${{ secrets.GITHUB_TOKEN }} instead of ${ GITHUB_TOKEN }. It works like this:

As a bonus, I added the minimal set of permissions to the action so that it still runs. The only permission needed is pull-requests: read. If the action should also be able to add or remove a label, the permission needs to be pull-requests: write. The complete action I now use is this one:

There is a great GH action – GitHub Script. It allows writing scripts in your workflow and provides an easy and elegant way to run these scripts.

Working example:
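
An added example, not code from either answer: a curl-based workflow that applies the first answer's two points, mapping `secrets.GITHUB_TOKEN` into the step through `env` and limiting the job to `pull-requests: read`. The empty-token guard, the `-f` flag, and the use of `jq` (assumed to be available on the runner) are additions of this example, so that an authentication failure stops the job instead of looking like an empty search result.

```yaml
# Added example: names, schedule and query are taken from the question;
# the empty-token guard and jq parsing are assumptions of this example.
name: Cleanup deploy-in-dev label
on:
  workflow_dispatch:
  schedule:
    - cron: "15 1 * * *"

# Least privilege: the job only reads pull requests.
# Change to `pull-requests: write` if it must add or remove labels.
permissions:
  pull-requests: read

jobs:
  cleanup:
    runs-on: ubuntu-latest
    steps:
      - name: Search label deploy-in-dev
        env:
          # The token is not exported to `run` steps automatically;
          # map it from the secrets context explicitly.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          QUERY: "repo:private-org/example+is:pull-request+is:open+label:deploy-in-dev"
        run: |
          set -euo pipefail
          # Fail loudly instead of sending "Bearer " with an empty token.
          if [ -z "${GITHUB_TOKEN:-}" ]; then
            echo "::error::GITHUB_TOKEN is empty" >&2
            exit 1
          fi
          # -f turns HTTP error responses into a non-zero exit code,
          # so an auth failure cannot look like "no PRs found".
          response="$(curl -fsS \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "https://api.github.com/search/issues?q=${QUERY}")"
          # Parse the JSON with jq rather than grep/sed on raw text.
          echo "${response}" | jq -r '.items[].number' |
            while IFS= read -r pr_number; do
              echo "Found PR with label, PR number ${pr_number}"
            done
```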