Error on PRs made by Dependabot
Andre601 opened this issue · comments
Not entirely sure what the cause of this could be... Maybe the GH token is not given while dependabot is making a PR?
Either way, here's the log: https://paste.helpch.at/xaviwehode.php
And the workflow file used: https://github.com/Andre601/AdvancedServerList/blob/master/.github/workflows/create-pr-artifact.yml
Hi @Andre601
If you want to give dependabot write
permission to create comments then you need to use a PAT and store it in the dependabot secrets here: https://github.com/Andre601/AdvancedServerList/settings/secrets/dependabot
Doesn't answer my question.
Is the issue caused by me not having the token assigned? Or is it a Permission issue?
If that, what perms would it need for the gh action to post on a pull request?
Thinking about this, could it be that the action targets the wrong repo for the comment?
Actually, looking closer at it, I think the main issue is, that the comment of Dependabot is treated as being from github-actions[bot]
?
This seems kinda weird as the author is a different bot (dependabot)... So maybe a GitHub issue?
I replied a bit too quickly. After revisiting this I don't think you need a PAT because you are creating comments in the local repository.
Maybe the GH token is not given while dependabot is making a PR?
When dependabot triggers a workflow run, the default GITHUB_TOKEN
has read-only permission. You can read about that in the docs here.
You can explicitly allow write permission by setting the following in your workflow.
permissions:
issues: write
pull-requests: write
See an example here. (Note that you don't need contents
for your case)
Okay, thanks.
Maybe it could be an idea to mention this requirement? Or just mention a recommendation to add these permissions.