Fix welcome workflow failing on fork PRs due to missing write permissions#83
Merged
Fix welcome workflow failing on fork PRs due to missing write permissions#83
Conversation
Agent-Logs-Url: https://github.com/microcks/.github/sessions/2e22dda4-018d-4d9f-be58-9aff76abdd67 Co-authored-by: yada <552526+yada@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix action step error in Microcks workflow
Fix welcome workflow failing on fork PRs due to missing write permissions
Mar 28, 2026
yada
added
bug
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
welcome-new-usersworkflow was failing withHttpError: Resource not accessible by integrationon PRs opened from forks. Thepull_requestevent runs workflows with a read-only token for fork PRs regardless of declared permissions.Changes
pull_requesttrigger withpull_request_targetso the workflow runs in the base repo context and receives the write-scoped token needed to post comments and reactionsif:conditions inwelcome-pr-openedandwelcome-pr-mergedjobs to matchgithub.event_name == 'pull_request_target'This workflow never checks out PR code, so
pull_request_targetis safe to use here.Related issue(s)
See also https://github.com/microcks/microcks/actions/runs/23681151353/job/68999465915
💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.