Describe the bug
I have a GitHub actions that runs gh pr edit using the GITHUB_TOKEN created automatically for the job.
When I added
permissions:
pull-requests: write
to the workflow definition I started to get
GraphQL: Resource not accessible by integration (repository.pullRequest.projectCards.nodes)
I think it is because of this line:
|
editable.Projects.Default = pr.ProjectCards.ProjectNames() |
where the CLI tries to get the project names, but this requires the
repository-projects: read permission.
Adding repository-projects: read fixes the problem, but this took me a while to figure out and should be fixed IMO, since edits to a PR that don't involve projects shouldn't require that permission.
I am using the latest CLI version as intalled in the ubuntu-latest GitHub Actions image.
Steps to reproduce the behavior
- Create a workflow with only
pull-requests: write permissions
- Create a step that runs
gh pr edit ...
- See error
Expected vs actual behavior
The gh pr edit command should succeed without additional permissions.
Describe the bug
I have a GitHub actions that runs
gh pr editusing theGITHUB_TOKENcreated automatically for the job.When I added
to the workflow definition I started to get
I think it is because of this line:
cli/pkg/cmd/pr/edit/edit.go
Line 169 in 0ecd424
where the CLI tries to get the project names, but this requires the
repository-projects: readpermission.Adding
repository-projects: readfixes the problem, but this took me a while to figure out and should be fixed IMO, since edits to a PR that don't involve projects shouldn't require that permission.I am using the latest CLI version as intalled in the
ubuntu-latestGitHub Actions image.Steps to reproduce the behavior
pull-requests: writepermissionsgh pr edit ...Expected vs actual behavior
The
gh pr editcommand should succeed without additional permissions.