Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] flowwer-dev/pull-request-stats: Resource not accessible by integration #66

Closed
macohen opened this issue Dec 23, 2022 · 8 comments
Closed
Labels
bug Something isn't working

Comments

@macohen
Copy link
Collaborator

macohen commented Dec 23, 2022

What is the bug?
I have an issue where I’m trying to integrate a github action (https://github.com/flowwer-dev/pull-request-stats) that should add a comment with PR stats to every PR. I’ve been trying to make it work with PRs opened against main, but it was failing due to permissions (https://github.com/opensearch-project/search-processor/actions/runs/3766987233/jobs/6404075146). I also created two branches in the repo and made a PR from one to the other. That one succeeded: (#62). It’s strange to me that a PR to main would have different permissions than a PR to a different branch and I'm not sure where to go from there.

How can one reproduce the bug?
Steps to reproduce the behavior:

  1. Enable the (Pull Request Stats)[https://github.com/opensearch-project/search-processor/actions/workflows/pr_stats.yml]
  2. Create a PR to merge to main
  3. Watch the check fail like in: https://github.com/opensearch-project/search-processor/actions/runs/3766987233

What is the expected behavior?
A comment should be added to the PR like #62 (comment)

What is your host/environment?
N/A

Do you have any screenshots?
No, but the logfile with error is here: logs_561.zip

Do you have any additional context?
Add any other context about the problem.

@macohen
Copy link
Collaborator Author

macohen commented Dec 23, 2022

@manuelmhtr unfortunately that didn't seem to do the trick. is there a different setting? thanks for the quick response on this!

@manuelmhtr
Copy link
Contributor

@macohen ohh I see...

I checked the last run and it seems the pull request permission still read. I think there's an organization or repository setting that prevents the action from getting the read permission. Let me check which setting could be 🤔

Screen Shot 2022-12-23 at 17 33 07

@manuelmhtr
Copy link
Contributor

I found the problem 💡

All failing jobs come from a fork. By default, Github limits the action's permissions to read when they come from a fork.

To make it work you should go to the Organization Settings -> Actions -> General, and check the options "Run workflows from fork pull requests" and "Send write tokens to workflows from fork pull requests." (I'd suggest "Require approval for fork pull request workflows." too for increasing security).

Screen Shot 2022-12-23 at 17 52 09

I hope it helps!

@macohen macohen removed the untriaged label Dec 25, 2022
@macohen
Copy link
Collaborator Author

macohen commented Dec 25, 2022

@manuelmhtr Do you think it would be possible to create an alternative solution to work around this? I'm thinking about a scheduled action that creates a new issue in the repo with the table. It would be great to see this on a weekly basis. Maybe also aggregated monthly.

@noCharger
Copy link
Collaborator

noCharger commented Jan 4, 2023

PR stats works in 2.x branch #76 (comment)

@macohen
Copy link
Collaborator Author

macohen commented Jan 9, 2023

yep. it doesn't seem to work for pull requests coming from forked repositories because that would mean giving certain write permissions to anyone who forks the repo and issues a PR. if you branch within the repo it works. I still like the idea of a report in an issue that can be viewed separately.

@msfroh
Copy link
Collaborator

msfroh commented Jan 23, 2023

We could run only on backport PRs?

We can also come up with another way of tracking / recording PR stats.

Closing this one in favor of finding another solution.

@msfroh msfroh closed this as completed Jan 23, 2023
@msfroh msfroh removed the untriaged label Jan 23, 2023
@manuelmhtr
Copy link
Contributor

manuelmhtr commented Jan 29, 2023

@macohen @msfroh sorry for the ultra-late response.

You could configure the action to be executed periodically and post the results in Slack, MS Teams or publish the results to a webhook and threat the response however you want. This way you should not get the permissions error when writing on the pull request.

I added OpenSearch as a private sponsor to let you use these premium features for free (use v2.7.1 or above).

Hope it helps!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants