terraform-provider-github

[BUG]: `403 Resource not accessible by integration []`

Open garysassano opened this issue 1 year ago • 3 comments

Expected Behavior

Be able to create a repository using ${{ secrets.GITHUB_TOKEN }} instead of ${{ secrets.MY_PAT }}.

Actual Behavior

Can only create a github_repository resource using ${{ secrets.MY_PAT }}, since even a ${{ secrets.GITHUB_TOKEN }} with full write permissions doesn't have the rights to create a new repository when used with the integrations/github Terraform provider.

│ Error: POST https://api.github.com/user/repos: 403 Resource not accessible by integration []
│ 
│   with github_repository.SampleRepo,
      + allow_merge_commit          = false
      + allow_rebase_merge          = false
│   on main.tf line 14, in resource "github_repository" "SampleRepo":
│   14: resource "github_repository" "SampleRepo" {
│ 
jobs:
  apply:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ${{ env.tf_actions_working_dir }}
    steps:
    - uses: actions/checkout@v4
    
    - uses: hashicorp/setup-terraform@v3

    - name: Terraform Init
      id: init
      run: terraform init -input=false

    - name: Terraform Apply
      run: terraform apply -input=false -auto-approve
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Terraform Version

Terraform v1.8.0
on linux_amd64
+ provider registry.terraform.io/integrations/github v6.2.1

Affected Resource(s)

  • github_repository
  • github_branch_protection

Terraform Configuration Files

terraform {
  required_providers {
    github = {
      version = "6.2.1"
      source  = "integrations/github"
    }
  }
}

provider "github" {}

resource "github_repository" "SampleRepo" {
  name                        = "todelete_sample"
  visibility                  = "private"
  allow_auto_merge            = false
  allow_merge_commit          = false
  allow_rebase_merge          = false
  allow_squash_merge          = true
  allow_update_branch         = true
  auto_init                   = true
  delete_branch_on_merge      = true
  has_discussions             = false
  has_downloads               = true
  has_issues                  = true
  has_projects                = true
  has_wiki                    = true
  merge_commit_message        = "PR_TITLE"
  merge_commit_title          = "MERGE_MESSAGE"
  squash_merge_commit_message = "COMMIT_MESSAGES"
  squash_merge_commit_title   = "PR_TITLE"
}

resource "github_branch_protection" "MainBranchProtection" {
  repository_id                   = github_repository.SampleRepo.node_id
  pattern                         = "main"
  allows_deletions                = false
  allows_force_pushes             = false
  enforce_admins                  = true
  require_conversation_resolution = true
  required_pull_request_reviews {
    dismiss_stale_reviews           = true
    required_approving_review_count = 1
  }
  required_status_checks {
    strict = true
  }
}

Steps to Reproduce

No response

Debug Output

No response

Panic Output

No response

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

garysassano Apr 11 '24 08:04

Hi, we are facing the same issue. When can we expect this to be fixed?

cb-krishnapatel May 14 '24 11:05

I saw the same error with provider 5.45.0 and found I could fix it by using ONLY the GITHUB_TOKEN env var, and not the "token" value in the provider block. See #2242. Until that was changed I don't think I was using the correct token.

Something is weird but that might be a workaround. YMMV.

dcfsc May 15 '24 20:05

IIRC, I fixed the issue by giving the GitHub App the administration: write permission. Definitely not intuitive, I couldn't find any reference in the official documentation.

garysassano May 16 '24 14:05

Thank you, @garysassano; that was the missing permission on my end! Setting permissions was a pain in the neck! The docs are not helpful at all.

h2oearth Dec 17 '24 01:12

FWIW, I just had the same error from the pages API endpoint, and had to update my GitHub app integration to include the pages: write permission.

fatmcgav Apr 15 '25 14:04
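
The fix reported in this thread (a GitHub App with the administration: write permission instead of the workflow's GITHUB_TOKEN or a personal access token) can be wired into the workflow as below. This is an added example, not the reporter's workflow or the provider project's own configuration. It assumes a repository variable `APP_ID` and a secret `APP_PRIVATE_KEY` (both hypothetical names), and an App installed on the organization that owns the workflow's repository.

```yaml
# Added example; APP_ID and APP_PRIVATE_KEY are hypothetical names.
jobs:
  apply:
    runs-on: ubuntu-latest
    # The job's built-in GITHUB_TOKEN is only used to check out the code,
    # so it is reduced to read access on repository contents.
    permissions:
      contents: read
    steps:
    - uses: actions/checkout@v4

    - uses: hashicorp/setup-terraform@v3

    # Mint a short-lived installation token for a GitHub App that has been
    # granted the "Administration: write" repository permission.
    # With only `owner` set, the token covers the whole installation rather
    # than the single repository the workflow runs in.
    - name: Create GitHub App token
      id: app-token
      uses: actions/create-github-app-token@v1
      with:
        app-id: ${{ vars.APP_ID }}
        private-key: ${{ secrets.APP_PRIVATE_KEY }}
        owner: ${{ github.repository_owner }}

    - name: Terraform Init
      run: terraform init -input=false

    - name: Terraform Apply
      run: terraform apply -input=false -auto-approve
      env:
        # Read by the empty provider "github" {} block from the environment.
        GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
        # Assumption: the account the provider should manage is the
        # organization where the App is installed.
        GITHUB_OWNER: ${{ github.repository_owner }}
```

Other endpoints need their own App permission, such as the pages: write permission mentioned above for the Pages API.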