cml icon indicating copy to clipboard operation
cml copied to clipboard
verified publisher icon iterative

Error "Resource not accessible by integration" is not helpful

Open aguschin opened this issue 4 years ago • 9 comments

The error RequestError [HttpError]: Resource not accessible by integration is raised when you use incorrect secret (I've used secrets.GITHUB_SECRET instead of a personal access token with repo+workflow permissions). Unfortunately I had no idea I'm doing this wrong and the error message wasn't pointing out what should be done in this case.

Imho, it would be great to have more obvious error message here.

Full error log: https://github.com/iterative/yolov5/runs/2837021374?check_suite_focus=true

Related discussion: https://github.com/iterative/cml/pull/554#issuecomment-847748393

aguschin avatar Jun 16 '21 12:06 aguschin

See #563 and https://github.com/iterative/cml/pull/563#discussion_r640709086 for a good compromise between error message integrity and end user helpfulness.

try {
  operation();
} catch (error) {
  if (error.message === 'Obscure error')
    error.message += ', please try toggling the "more magic" switch';
  throw error;
}

0x2b3bfa0 avatar Jun 16 '21 12:06 0x2b3bfa0

Should not this error to be reported in the TFI repo? Also we have a ticket there for such a compromise. https://github.com/iterative/terraform-provider-iterative/issues/17

DavidGOrtega avatar Jun 17 '21 13:06 DavidGOrtega

I'm not completely sure about the scope of iterative/terraform-provider-iterative#17, but this looks like a different issue. In this case, the error handling logic belongs to CML itself, not the provider.

0x2b3bfa0 avatar Jun 17 '21 14:06 0x2b3bfa0

Not sure if related, but also if token lacks permission:

{"level":"error","message":"Forbidden","stack":"Error: Forbidden
    at Gitlab.request (/usr/lib/node_modules/@dvcorg/cml/src/drivers/gitlab.js:418:38)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async Gitlab.commentCreate (/usr/lib/node_modules/@dvcorg/cml/src/drivers/gitlab.js:74:5)
    at async CML.commentCreate (/usr/lib/node_modules/@dvcorg/cml/src/cml.js:183:12)
    at async Object.exports.handler (/usr/lib/node_modules/@dvcorg/cml/bin/cml/send-comment.js:13:15)"}

should be replaced with "Ensure permissions are granted as per https://cml.dev/doc/self-hosted-runners?tab=GitLab#personal-access-token"

casperdcl avatar Feb 07 '22 20:02 casperdcl

this can also be caused form permissions on forked repos.

For example commands like cml send-comment need write permissions on the repo: image

dacbd avatar May 12 '22 14:05 dacbd

@dacbd did you mean to close this?

casperdcl avatar Jun 07 '22 10:06 casperdcl

I did 🙃 but maybe this should be part of a larger effort to provide more custom errors instead of bubbling up errors from whatever source produced them?

ex: if cml send-comment && driver == github && error == Resource not accessible by integration link to docs for token write permissions

related: https://github.com/iterative/cml/issues/606

dacbd avatar Jun 10 '22 20:06 dacbd

looks like this issue is a distinct action point under #1058. Would keep it open until addressed. Specifically:

  • better message for Resource not accessible by integration
  • better message for Error: Forbidden as per this

casperdcl avatar Jun 16 '22 05:06 casperdcl

I fixed it creating a personal token, adding it to repo secrets and using ${{ secrets.MY_TOKEN }} in my actions file.

AllanCapistrano avatar Apr 03 '23 13:04 AllanCapistrano