Cannot edit PR review: resource not accessible by integration

[niemeyer]

When attempting to edit an existing but not yet submitted PR review comment, GitHub Codespaces emits the following error:

GraphQL error: Resource not accessible by integration

This was observed both with the release version and the pre-release (v0.75.2023100909) versions.

GitHub Codespace version information:

Version: 1.83.0
Commit: e7e037083ff4455cf320e344325dacb480062c3c
Date: 2023-10-03T16:11:43.025Z
Browser: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36

Thanks for looking into it.

[niemeyer]

Just to complement: removing commments doesn't seem to work either. Is the extension supposed to be working or is it still an early alpha?

Thanks again.

[alexr00]

I'm not able to reproduce this issue. Can you share a bit more about your setup?

• Are you making a PR from a fork of the upstream repo?
• Do you have the PR branch checked out, or is this a PR from the "Pull Requests" view?
• Do you have push permission on the upstream repo?

[niemeyer]

I've just tried and the same issue is still there, with the same error.

Are you making a PR from a fork of the upstream repo?

I'm creating the codespace from inside the PR itself.

Do you have the PR branch checked out, or is this a PR from the "Pull Requests" view?

This is the PR that was already checked out given (1).

Do you have push permission on the upstream repo?

Yes, full access.

[niemeyer]

Just to completement: I can actually create review comments correctly, so this shouldn't be a permission issue. Just can't edit them.

[alexr00]

Thanks for all the details! One more question: Is this PR from a fork to an upstream repo (i.e., are the base and compare branches in the same repo, or is the compare branch from a fork)?

[niemeyer]

The branch proposed for merging is on a personal fork. The PR and code review are on the main branch on the upstream repository.

[alexr00]

Awesome. Thank you for all the details. I can repro.

[alexr00]

It looks like this is an issue with GitHub Codespaces and the auth token they provide. I'm getting help from them.

@TylerLeonhardt FYI

[alexr00]

@TylerLeonhardt, I though I could work around this Codespaces issue by doing forceNewSession when I hit this error, but that doesn't seem to work. Do you know if there's anything I can to do to work around this? It makes the extension very broken.

[TylerLeonhardt]

Yeah unfortunately, forceNewSession does not work here because Codespaces owns the lower level token provider... and they're probably just sending the same bad token.

[alexr00]

I have, I'm sad to say, learned that in a GitHub Codespace which was created from a PR from a fork, the auth token that GitHub provides is flawed. This flaw is intentional to prevent a malicious PR from having too much access. There is no way for this extension to get a real auth token at this point and somethings will just fail with "resource not accessible by integration".

I'm trying to come up with a less-bad UX for this.

@niemeyer, the easiest work around for you would be to create the Codespace from the main branch of the base repo, then check out the PR from the Pull Requests view in the Codespace. Improvements, if not fixes, are coming soon.

[alexr00]

Still working with GitHub folks to see how this can be improved. It may be an unknown issue after all.

[alexr00]

GitHub Codespaces folks are looking into it. 🤞we have a fix soon.

[alexr00]

Codespaces folks are working on testing the fix.