Resource not accessible by integration

[Anton-Shutik]

Trying to use this GH Action and it fails with this error:

Run reload/[email protected]
/usr/bin/docker run --name c8ce5aa104cfed7a462b98612dedac8bd2f9_8755a1 --label 48c8ce --workdir /github/workspace --rm -e GH_SECURITY_TOKEN -e JIRA_TOKEN -e JIRA_HOST -e JIRA_USER -e JIRA_PROJECT -e JIRA_ISSUE_TYPE -e JIRA_WATCHERS -e JIRA_RESTRICTED_COMMENT_ROLE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/test-gh-actions-alert/test-gh-actions-alert":"/github/workspace" 48c8ce:5aa104cfed7a462b98612dedac8bd2f9

In SyncCommand.php line 199:
                                                                               
  GraphQL client error: Resource not accessible by integration. Original quer  
  y:             query alerts($owner: String!, $repo: String!) {               
                repository(owner: $owner, name: $repo) {                       
                  vulnerabilityAlerts(first: 100) {                            
                    nodes {                                                    
                      securityVulnerability {                                  
                        advisory {                                             
                          ghsaId                                               
                          description                                          
                          identifiers {                                        
                            type                                               
                            value                                              
                          }                                                    
                          references {                                         
                            url                                                
                          }                                                    
                          severity                                             
                          summary                                              
                        }                                                      
                        firstPatchedVersion {                                  
                          identifier                                           
                        }                                                      
                        package {                                              
                          name                                                 
                          ecosystem                                            
                        }                                                      
                        severity                                               
                        updatedAt                                              
                        vulnerableVersionRange                                 
                      }                                                        
                      repository {                                             
                        nameWithOwner                                          
                      }                                                        
                      vulnerableManifestFilename                               
                      vulnerableManifestPath                                   
                      vulnerableRequirements                                   
                    }                                                          
                  }                                                            
                }                                                              
              }                                                                
                                                                               

sync [--dry-run]

What kind of resource can't it find ? I'm pretty sure I've setup it correctly, because I'm able to run it locally via act tool.

[arnested]

My best guess is that the GitHub token hasn't access to the security alerts.

The token must include the public_repo scope if checking only public repos, or the repo scope for use on private repos. Also, the user must have access to security alerts in the repo.

[arnested]

I'm closing this now due to lack of response.