I’m trying to write a GitHub action that temporarily disabled merging by requiring admin access using https://github.com/octokit/request-action, so I wrote an action like this:
name: Disable merging
on:
# Manual trigger
workflow_dispatch:
inputs:
branch:
description: What branch to protect
default: main
required: true
jobs:
disable-merging:
name: Disable Merging
permissions: write-all
runs-on: ubuntu-latest
steps:
- name: Enforce the admin protection
uses: octokit/[email protected]
id: remove_admin_protection
with:
route: POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
owner: TheOddler
repo: github-actions-tests
branch: ${{ github.event.inputs.branch }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# some more jobs to wait and then reenable again
However, when I run this I get the error "Resource not accessible by integration". From what I could find online it might be a permission problem, but I set the github token to have read/write access:
I enabled debug info, but it didn’t tell me much new, other than that I’m getting a 403 error from github:
##[debug]Evaluating: secrets.GITHUB_TOKEN
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'GITHUB_TOKEN'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Evaluating condition for step: 'Removed the admin protection'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Removed the admin protection
##[debug]Loading inputs
##[debug]Evaluating: github.event.inputs.branch
##[debug]Evaluating Index:
##[debug]..Evaluating Index:
##[debug]....Evaluating Index:
##[debug]......Evaluating github:
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'event'
##[debug]....=> Object
##[debug]....Evaluating String:
##[debug]....=> 'inputs'
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'branch'
##[debug]=> 'main'
##[debug]Result: 'main'
Warning: Unexpected input(s) 'owner', 'repo', 'branch', valid inputs are ['route', 'mediaType']
##[debug]Loading env
Run octokit/[email protected]
POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
> owner: TheOddler
> repo: github-actions-tests
> branch: main
> mediaType: [object Object]
##[debug]route: 'POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins'
##[debug]parameters: {
##[debug] owner: 'TheOddler',
##[debug] repo: 'github-actions-tests',
##[debug] branch: 'main',
##[debug] mediaType: {}
##[debug]}
##[debug]parsed request options: {
##[debug] method: 'POST',
##[debug] headers: {
##[debug] accept: 'application/vnd.github.v3+json',
##[debug] 'user-agent': 'octokit-action.js/3.7.1 octokit-core.js/3.4.0 Node.js/12.22.7 (linux; x64)',
##[debug] 'content-length': 0
##[debug] },
##[debug] request: { hook: [Function: bound bound register] },
##[debug] data: undefined,
##[debug] url: 'https://api.github.com/repos/TheOddler/github-actions-tests/branches/main/protection/enforce_admins'
##[debug]}
< 403 222ms
::set-output name=status::403
Warning: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
##[debug]steps.remove_admin_protection.outputs.status='403'
##[debug]RequestError [HttpError]: Resource not accessible by integration
##[debug] at /home/runner/work/_actions/octokit/request-action/v2.1.0/dist/index.js:6251:23
##[debug] at processTicksAndRejections (internal/process/task_queues.js:97:5)
##[debug] at async main (/home/runner/work/_actions/octokit/request-action/v2.1.0/dist/index.js:404:39) {
##[debug] status: 403,
##[debug] headers: {
##[debug] 'access-control-allow-origin': '*',
##[debug] 'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
##[debug] connection: 'close',
##[debug] 'content-encoding': 'gzip',
##[debug] 'content-security-policy': "default-src 'none'",
##[debug] 'content-type': 'application/json; charset=utf-8',
##[debug] date: 'Thu, 13 Apr 2023 16:58:46 GMT',
##[debug] 'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
##[debug] server: 'GitHub.com',
##[debug] 'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
##[debug] 'transfer-encoding': 'chunked',
##[debug] vary: 'Accept-Encoding, Accept, X-Requested-With',
##[debug] 'x-content-type-options': 'nosniff',
##[debug] 'x-frame-options': 'deny',
##[debug] 'x-github-api-version-selected': '2022-11-28',
##[debug] 'x-github-media-type': 'github.v3; format=json',
##[debug] 'x-github-request-id': '0481:791A:1A5B4EA:35D023B:643834C6',
##[debug] 'x-ratelimit-limit': '1000',
##[debug] 'x-ratelimit-remaining': '996',
##[debug] 'x-ratelimit-reset': '1681407830',
##[debug] 'x-ratelimit-resource': 'core',
##[debug] 'x-ratelimit-used': '4',
##[debug] 'x-xss-protection': '0'
##[debug] },
##[debug] request: {
##[debug] method: 'POST',
##[debug] url: 'https://api.github.com/repos/TheOddler/github-actions-tests/branches/main/protection/enforce_admins',
##[debug] headers: {
##[debug] accept: 'application/vnd.github.v3+json',
##[debug] 'user-agent': 'octokit-action.js/3.7.1 octokit-core.js/3.4.0 Node.js/12.22.7 (linux; x64)',
##[debug] 'content-length': 0,
##[debug] authorization: 'token [REDACTED]'
##[debug] },
##[debug] request: { hook: [Function: bound bound register] }
##[debug] },
##[debug] documentation_url: 'https://docs.github.com/rest/branches/branch-protection#set-admin-branch-protection'
##[debug]}
Error: Resource not accessible by integration
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Enforce the admin protection
2
Answers
Looks like this was a problem with the token, apparently the
GITHUB_TOKEN
doesn't have privileges to do this, and I had to use aPAT
(personal access token) instead.I think you need to pass
enforce_admins
as body instead, e.g.