permissions github-actions

GitHub Actions permissions to read an issue from a private repo within the same org


I'm using my dependencies-action at work. As is typical, we have an org and a number of private repos.

The problem I'm facing is that the action can't seem to find linked issues and PRs if they're in other (also private) repos.

  Fetching '{"owner":"<my company>","repo":"<private repo>","pull_number":807}'
  Error: HttpError: Not Found

It can find issues in the same repo just fine.

The action is defined using the following:

name: Check PR Dependencies

on: [pull_request]

permissions:
  issues: read
  pull-requests: read

jobs:
  check_dependencies:
    runs-on: ubuntu-latest
    name: Run
    steps:
    - uses: gregsdennis/dependencies-action@main
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

I recently added the permissions element, thinking that would fix it, but it had no effect.

Docs:

The REST API docs do say that a token isn't needed for public repos, but they don't give any requirements for private repos.


Solution

  • GITHUB_TOKEN only has permissions for the repository where the workflow is running (see docs):

    The token's permissions are limited to the repository that contains your workflow.

    If you want to access other repositories, you have to create a personal access token and store it as a secret accessible by your workflow. For your case, I'd recommend a fine-grained token with read permissions for issues and pull requests.
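
The workflow from the question with the token swapped as the answer describes, shown as an added example (not part of the original post or of the action's own documentation). The secret name `CROSS_REPO_READ_TOKEN` and the repository `my-org/other-private-repo` are placeholders, and the preflight step is an optional addition.

```yaml
name: Check PR Dependencies

on: [pull_request]

# These permissions apply only to the built-in GITHUB_TOKEN, which is limited
# to the repository that contains this workflow. They have no effect on the
# personal access token used below.
permissions:
  issues: read
  pull-requests: read

jobs:
  check_dependencies:
    runs-on: ubuntu-latest
    name: Run
    steps:
    # Optional preflight (added for illustration): fail with a clear message
    # if the token cannot see the other repository. The REST API answers
    # 404 Not Found for a private repo the token has no access to, which is
    # the same error the action reported.
    - name: Verify cross-repo read access
      env:
        GH_TOKEN: ${{ secrets.CROSS_REPO_READ_TOKEN }}   # placeholder secret name
        LINKED_REPO: my-org/other-private-repo            # placeholder repository
      run: |
        gh api "repos/${LINKED_REPO}" --jq .full_name \
          || { echo "::error::Token cannot read ${LINKED_REPO}"; exit 1; }

    # The action reads its token from the GITHUB_TOKEN environment variable,
    # as in the original workflow. Supply a fine-grained personal access token:
    #   - repository access: only the repos that hold linked issues/PRs
    #   - repository permissions: Issues = read-only, Pull requests = read-only
    # Because a long-lived token is now handed to the action, consider pinning
    # the action to a full commit SHA instead of the mutable @main ref.
    - uses: gregsdennis/dependencies-action@main
      env:
        GITHUB_TOKEN: ${{ secrets.CROSS_REPO_READ_TOKEN }}
```

Repository secrets are not passed to workflows triggered by pull requests from forks, so the token will be empty for those runs.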