Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Org Team Approver Documentation Issue #102

Open
obalyuk87 opened this issue Jun 12, 2023 · 3 comments
Open

Org Team Approver Documentation Issue #102

obalyuk87 opened this issue Jun 12, 2023 · 3 comments

Comments

@obalyuk87
Copy link

obalyuk87 commented Jun 12, 2023
edited
Loading

Thank you for creating and sharing an amazing plugin!

The docs on the "Org Team Approver" have limited / incorrect information, the the extra "Permissions" section is misleading.
https://github.com/marketplace/actions/manual-workflow-approval#org-team-approver

I followed the docs for Team Approver setup but pipeline was failing with error below


Required approvers: [user1 user2 user3]

Respond "approved", "approve", "lgtm", "yes" to continue workflow or "denied", "deny", "no" to cancel.
error creating issue: POST https://api.github.com/repos/my-org/misc-prototypes/issues: 403 Resource not accessible by integration []

In case of explicitly listed users the trstringer/manual-approval@v1 step is executed with secret: ${{ github.TOKEN }}. However in case of Org Team Approver secret: ${{ steps.generate_token.outputs.token }} is used. Per docs, the GitHub app was created with read-only access to organization members, which is not enough to create an issue in the repo. Once I added "Issues Write" permission to the GitHub app - the workflows worked as expected!

App Permissions
image
@rjcoupe
Copy link

rjcoupe commented Sep 27, 2023

I ran into the same problem and came to the same solution.

@afrazkhan
Copy link

It works for me with the additional permission up until the actual approval message, which never gets picked up. Issue is created, and even cancelled when the run is cancelled manually, but replying to the created issue with an approved response never gets picked up by the action.

I've tried adding the "Issue comment" event to the permissions, which seems like an obvious necessity, but still no joy.

@cwong-archy
Copy link

i have this issue. i have set the github app with the correct permissions (i think)
Screenshot 2024-10-24 at 4 26 08 PM
Screenshot 2024-10-24 at 4 26 26 PM

but still getting -

Required approvers: [eng-release]

Respond "approved", "approve", "lgtm", "yes", "ok", "lfg", "ship it" to continue workflow or "denied", "deny", "no" to cancel.
error creating issue: POST https://api.github.com/repos/ORG/REPO/issues: 403 Resource not accessible by integration []

my gha -

  wait-for-approval:
    runs-on: self-hosted-deploy-dev
    steps:
      - id: generate-token
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.GHA_WAIT_FOR_APPROVAL_APPID }}
          private_key: ${{ secrets.GHA_WAIT_FOR_APPROVAL_PRIVATE_KEY }}
      - id: manual-approval
        uses: trstringer/manual-approval@v1
        with:
          secret: ${{ steps.generate-token.outputs.token }}
          approvers: eng-release
          minimum-approvals: 1
          additional-approved-words: ok,lfg,ship it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rjcoupe @afrazkhan @obalyuk87 @cwong-archy