Auto-Detect PR error on Workflow dispatch, resource not accessible

[Cellule]

Since there's no PR information on a workflow_dispatch the action will try to fetch it

github-action/index.js

Lines 474 to 497 in f6f2cc1

	try {
	const resp = await client.request(
	'GET /repos/:owner/:repo/commits/:commit_sha/pulls',
	{
	owner,
	repo,
	commit_sha: GITHUB_SHA
	}
	)
	if (
	resp &&
	resp.data &&
	resp.data[0] &&
	resp.data[0].number
	) {
	prNumber = resp.data[0].number
	}
	} catch (e) {
	console.error(
	`Unable to fetch related PR data for commit: '${GITHUB_SHA}': `,
	e
	)
	}

However, even though the call is in a try/catch it still errors my whole run.

Unable to fetch related PR data for commit: '46a72ff9cd29aeaa59f536eee6c008e3ffbcf56d':  RequestError [HttpError]: Resource not accessible by integration
    at /home/runner/work/_actions/cypress-io/github-action/v6/dist/index.js:41343:21
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async detectPrNumber (/home/runner/work/_actions/cypress-io/github-action/v6/dist/index.js:7[48](https://github.com/MaintainX/maintainx/actions/runs/9684418723/job/26722269427#step:17:49)81:22)
    at async runTests (/home/runner/work/_actions/cypress-io/github-action/v6/dist/index.js:75152:3) {

Right now I suspect it fails because we are using the following permissions on the job

permissions:
      contents: read # Required to checkout source code
      id-token: write # Required to setup AWS credentials

I'm not sure yet which permission I need to give yet, but I would have expected that it wouldn't fail the run at least

[Cellule]

I found that adding the following permission solves this error.

      pull-requests: read # Needed for workflow_dispatch execution

[MikeMcC399]

@Cellule

Thank you for reporting your issue! I understand that you have resolved your error condition.

The documentation does not cover permissions settings, so there is some scope for adding information to help users avoid the issue which you ran into.

Could you please post your failing workflow? That would help us to reproduce your issue. We could also check if the error condition needs to be fatal or whether it could be a warning only.

[mfrancekovic]

Hi @MikeMcC399 , @Cellule ,

I've ran into the same problem. For us the issue occured right after we've done a forced upgrade to Enterprise account in Github.

Before that cypress-io actions were running for us for years. And the issue happened right after I've upgraded our organization to Enterprise level structure which Github will be enforcing for all users which use Enterprise plans.

I suspect that for the Enterprise there might be some different default rules for GITHUB_TOKEN.

In our case I've added the following line on the top level in the workflow where we use cypress-io, and that fixed it:

permissions: read-all

[MikeMcC399]

Closing as there was no further response and I was unable to reproduce the issue.

[MikeMcC399]

Related to this issue I have submitted two enhancement requests:

• Fail gracefully if GITHUB_TOKEN is set with non-working permissions #1272
• Document GITHUB_TOKEN settings - Cypress Cloud recording #1273