I am making a curl POST request from my GitHub workflow (action) to get a registration token for a self-hosted runner, but I am receiving the following response:

    {
      "message": "Resource not accessible by integration",
      "documentation_url": "https://docs.github.com/rest/reference/actions#create-a-registration-token-for-a-repository"
    }

Below is a stripped version of my GitHub workflow:

    name: get-token
    "on":
      push: { branches: ["token"] }
    jobs:
      print-token:
        name: print-token
        environment: dev
        # needs: pre-pkr
        runs-on: ubuntu-latest
        steps:
          - name: Check out code
            uses: actions/checkout@v2
          - name: Get registration token
            id: getRegToken
            run: |
              curl -X POST -H "Accept: application/vnd.github.v3+json" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token

Eventually I'd wanna pass this token to the AMI I am creating with the packer build command (next step). I tried the above curl request with packer's shell provisioner as well, but got the same response. Unable to figure out if I have to allow some permissions from the GitHub UI? Or how else can this be done? Thanks in advance.
CodePudding user response:
Try adding permissions to your job:

    name: get-token
    "on":
      push: { branches: ["token"] }
    jobs:
      print-token:
        permissions: write-all
        name: print-token
        environment: dev
        # needs: pre-pkr
        runs-on: ubuntu-latest
        steps:
          - name: Check out code
            uses: actions/checkout@v2
          - name: Get registration token
            id: getRegToken
            run: |
              curl -X POST -H "Accept: application/vnd.github.v3+json" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token

This should tell you if that's the issue, then you can figure out which permission you were missing and configure them correctly in more detail.
As comments and other answers mentioned, there are multiple ways you can configure permissions:
- use PAT (Personal Access Token)
- override permissions in workflow file itself, as shown in snippet above
- configure permissions in Actions settings
The third option can be done on a few different levels:
You can find details for default permissions here.
CodePudding user response:
The problem here is related to the GITHUB_TOKEN permission scope that is generated automatically in a GitHub Actions workflow run.
As frennky shared in his answer, the default permissions of this token can be found here.
Based on this, you have 2 solutions:
- The first one is the one suggested by frennky, updating the GITHUB_TOKEN permissions in the workflow run using the permissions field in your job.
- The second one is to use a Personal Access Token instead of the default GITHUB_TOKEN, creating it with the specific permissions you need, and then adding it as a repository secret.
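
An added example for the Personal Access Token route described in the answer above (not code from the question or from either answer): a script for the step's run block that checks the HTTP status, surfaces the API's error message, and masks the registration token before handing it to the next step. RUNNER_PAT and REPO are assumed environment variable names set through the step's env block, and the PAT is assumed to belong to a user with admin access to the repository, which this endpoint requires.

```sh
#!/bin/sh
# Added example: body for the "Get registration token" step.
# RUNNER_PAT and REPO are assumed names, supplied through the step's env: block
# (RUNNER_PAT from a repository secret, REPO in owner/name form).

# Print one top-level string field of a small JSON body (jq if installed, else sed).
json_field() {  # $1 = field name, $2 = JSON body
  if command -v jq >/dev/null 2>&1; then
    printf '%s\n' "$2" | jq -r --arg k "$1" '.[$k] // empty' 2>/dev/null || true
  else
    printf '%s\n' "$2" |
      sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
  fi
}

# Turn an API reply into a token on stdout, or a diagnostic on stderr and exit code 1.
parse_registration_reply() {  # $1 = HTTP status, $2 = response body
  if [ "$1" != "201" ]; then
    echo "registration-token request failed: HTTP $1: $(json_field message "$2")" >&2
    return 1
  fi
  token=$(json_field token "$2")
  [ -n "$token" ] || { echo "HTTP 201 but no token field in reply" >&2; return 1; }
  printf '%s\n' "$token"
}

request_registration_token() {
  body_file=$(mktemp)
  # -o keeps the body out of the job log; -w prints only the status code.
  status=$(curl -sS -X POST -o "$body_file" -w '%{http_code}' \
    -H "Accept: application/vnd.github.v3+json" \
    -H "Authorization: token ${RUNNER_PAT:?RUNNER_PAT is not set}" \
    "https://api.github.com/repos/${REPO:?REPO is not set}/actions/runners/registration-token")
  body=$(cat "$body_file"); rm -f "$body_file"
  token=$(parse_registration_reply "$status" "$body") || return 1
  echo "::add-mask::$token"                  # redact the value in later log output
  echo "token=$token" >> "$GITHUB_OUTPUT"    # readable as steps.getRegToken.outputs.token
}

# Only contact the API when a PAT has actually been provided.
if [ -n "${RUNNER_PAT:-}" ]; then request_registration_token; fi
```

A later step (such as the packer build) can read the value from steps.getRegToken.outputs.token; the mask keeps it redacted if that step echoes it.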