I’ve created a GitHub app and installed it in my account, giving it access to a private repository in my account. The GitHub app has read permission to metadata. I then generated a JWT and used it to create an installation access token, following the steps here. I tried using this token to search for keywords in the above private repository using the GitHub search API as follows:
https://api.github.com/search/code?q=abc+in:file+repo:username/private-repo
However, this returns the following response.
{
"message": "Validation Failed",
"errors": [
{
"message": "The listed users and repositories cannot be searched either because the resources do not exist or you do not have permission to view them.",
"resource": "Search",
"field": "q",
"code": "invalid"
}
],
"documentation_url": "https://docs.github.com/v3/search/"
}
I tried using this access token to fetch the repositories for this GitHub app installation and that returned the private repo successfully in the response. I assume this means that the installation has access to the private repo and the token works as expected.
API used: https://api.github.com/installation/repositories
.
Why does the search fail then?
Raised a ticket with GitHub support. Their response:
The query failed because the GitHub App does not have permission to
read
the content of the private repository. The Metadataread
permission will allow you to search for repositories but does not have sufficient scope toread
the content of the repository(private).
The docs list the search API under Metadata, but it should be under Content permissions. Granting Content read
permissions to the GitHub app solved the issue.