Open
Description
[...snip...]
preview:
name: Preview
needs: python-ci
runs-on: ubuntu-latest
permissions:
write-all # just for testing
# contents: read
# pull-requests: write
# id-token: write
steps:
- uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755
# v1.11.1
id: app-token
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- run: |
echo "Testing token..."
gh repo create deleteme --public
curl -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/user/repos
env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
[...snip...]I'm using the above workflow, in a public repository, to authenticate using a GitHub App for some automation (e.g. create a new repository).
When running the above workflow I get GraphQL: Resource not accessible by integration (createRepository):
2025-01-05T11:57:46.2553764Z Current runner version: '2.321.0'
2025-01-05T11:57:46.2581745Z ##[group]Operating System
2025-01-05T11:57:46.2582880Z Ubuntu
2025-01-05T11:57:46.2584002Z 24.04.1
2025-01-05T11:57:46.2584788Z LTS
2025-01-05T11:57:46.2585557Z ##[endgroup]
2025-01-05T11:57:46.2586415Z ##[group]Runner Image
2025-01-05T11:57:46.2587342Z Image: ubuntu-24.04
2025-01-05T11:57:46.2688593Z Version: 20241215.1.0
2025-01-05T11:57:46.2690066Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20241215.1/images/ubuntu/Ubuntu2404-Readme.md
2025-01-05T11:57:46.2691864Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20241215.1
2025-01-05T11:57:46.2693198Z ##[endgroup]
2025-01-05T11:57:46.2693899Z ##[group]Runner Image Provisioner
2025-01-05T11:57:46.2694678Z 2.0.404.1
2025-01-05T11:57:46.2695322Z ##[endgroup]
2025-01-05T11:57:46.2698189Z ##[group]GITHUB_TOKEN Permissions
2025-01-05T11:57:46.2700581Z Actions: write
2025-01-05T11:57:46.2701442Z Attestations: write
2025-01-05T11:57:46.2702140Z Checks: write
2025-01-05T11:57:46.2702790Z Contents: write
2025-01-05T11:57:46.2703829Z Deployments: write
2025-01-05T11:57:46.2704520Z Discussions: write
2025-01-05T11:57:46.2705122Z Issues: write
2025-01-05T11:57:46.2705717Z Metadata: read
2025-01-05T11:57:46.2706319Z Packages: write
2025-01-05T11:57:46.2706927Z Pages: write
2025-01-05T11:57:46.2707512Z PullRequests: write
2025-01-05T11:57:46.2708152Z RepositoryProjects: write
2025-01-05T11:57:46.2708817Z SecurityEvents: write
2025-01-05T11:57:46.2709442Z Statuses: write
2025-01-05T11:57:46.2710021Z ##[endgroup]
2025-01-05T11:57:46.2712582Z Secret source: Actions
2025-01-05T11:57:46.2713555Z Prepare workflow directory
2025-01-05T11:57:46.3018712Z Prepare all required actions
2025-01-05T11:57:46.3055285Z Getting action download info
2025-01-05T11:57:46.5241936Z Download action repository 'actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755' (SHA:c1a285145b9d317df6ced56c09f525b5c2b6f755)
2025-01-05T11:57:46.7512008Z Download action repository 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' (SHA:11bd71901bbe5b1630ceea73d27597364c9af683)
2025-01-05T11:57:46.7873755Z Download action repository 'actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a' (SHA:6849a6489940f00c2f30c0fb92c6274307ccb58a)
2025-01-05T11:57:46.9477332Z Download action repository 'snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a' (SHA:76e04a911780d5b312d89783f7b1cd627778900a)
2025-01-05T11:57:47.0873530Z Download action repository 'actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b' (SHA:0b93645e9fea7318ecaed2b359559ac225c90a2b)
2025-01-05T11:57:47.1666303Z Download action repository 'pulumi/auth-actions@80dec0d5e009a11565cbf87d9ef9103fc7d24198' (SHA:80dec0d5e009a11565cbf87d9ef9103fc7d24198)
2025-01-05T11:57:47.4059256Z Download action repository 'pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952' (SHA:c7fad9e2f0b79653172b36538b8b34b3c0291952)
2025-01-05T11:57:47.8164563Z Complete job name: Preview
2025-01-05T11:57:47.9038440Z ##[group]Run actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755
2025-01-05T11:57:47.9040830Z with:
2025-01-05T11:57:47.9041977Z app-id: 1102592
2025-01-05T11:57:47.9070895Z private-key: ***
2025-01-05T11:57:47.9072118Z owner: notdodo
2025-01-05T11:57:47.9073593Z github-api-url: https://api.github.com
2025-01-05T11:57:47.9075443Z ##[endgroup]
2025-01-05T11:57:48.0578016Z repositories not set, creating token for all repositories for given owner "notdodo"
2025-01-05T11:57:48.2954363Z ##[group]Run echo "Testing token..."
2025-01-05T11:57:48.2955970Z �[36;1mecho "Testing token..."�[0m
2025-01-05T11:57:48.2957524Z �[36;1mgh repo create deleteme --public�[0m
2025-01-05T11:57:48.2960205Z �[36;1mcurl -H "Authorization: ***" \�[0m
2025-01-05T11:57:48.2961885Z �[36;1m -H "Accept: application/vnd.github+json" \�[0m
2025-01-05T11:57:48.2964032Z �[36;1m https://api.github.com/user/repos�[0m
2025-01-05T11:57:48.3012101Z shell: /usr/bin/bash -e {0}
2025-01-05T11:57:48.3013629Z env:
2025-01-05T11:57:48.3015463Z GITHUB_TOKEN: ***
2025-01-05T11:57:48.3016967Z GH_TOKEN: ***
2025-01-05T11:57:48.3018041Z ##[endgroup]
2025-01-05T11:57:48.3121512Z Testing token...
2025-01-05T11:57:48.5356387Z GraphQL: Resource not accessible by integration (createRepository)
2025-01-05T11:57:48.5386445Z ##[error]Process completed with exit code 1.
2025-01-05T11:57:48.5563910Z Post job cleanup.
2025-01-05T11:57:48.7716941Z Token revoked
2025-01-05T11:57:48.8487640Z Cleaning up orphan processes
The GitHub application has all the Repository permissions and it's installed on my account with "All repositories" set.
Am I missing something?
Metadata
Metadata
Assignees
Labels
No labels