You must authenticate via a GitHub App

[Mykullski]

Action Step

- name: Publish Test Results Summary
  uses: EnricoMi/[email protected]
  with:
    github_token: ${{ secrets.TOKEN }}
    action_fail: true
    files: |
      testresults/**/*.trx

Action Result

2024-10-23 22:44:50 +0000 - publish - INFO - Available memory to read files: 29.0 GiB
2024-10-23 22:44:50 +0000 - publish - INFO - Reading files testresults/**/*.trx (1 file, 3.1 KiB)
2024-10-23 22:44:50 +0000 - publish - INFO - Detected 1 TRX file (3.1 KiB)
2024-10-23 22:44:50 +0000 - publish - INFO - Finished reading 1 files in 0.01 seconds
2024-10-23 22:44:50 +0000 - publish - INFO - Publishing success results for commit 4dd853374c06958f6aea292d17b415b3e1d0438c
Request POST /repos/ORG/REPO/check-runs failed with 403: Forbidden
2024-10-23 22:44:51 +0000 - github.GithubRetry - INFO - Request POST /repos/ORG/REPO/check-runs failed with 403: Forbidden
Traceback (most recent call last):
File "/action/publish_test_results.py", line 546, in
main(settings, gha)
File "/action/publish_test_results.py", line 269, in main
Publisher(settings, gh, gha).publish(stats, results.case_results, conclusion)
File "/action/publish/publisher.py", line 233, in publish
data = self.publish_check(data)
File "/action/publish/publisher.py", line 461, in publish_check
check_run = self._repo.create_check_run(name=self._settings.check_name,
File "/usr/local/lib/python3.8/site-packages/github/Repository.py", line 3793, in create_check_run
headers, data = self._requester.requestJsonAndCheck(
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 537, in requestJsonAndCheck
return self.__check(*self.requestJson(verb, url, parameters, headers, input, self.__customConnection(url)))
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 702, in requestJson
return self.__requestEncode(cnx, verb, url, parameters, headers, input, encode)
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 799, in __requestEncode
status, responseHeaders, output = self.__requestRaw(cnx, verb, url, requestHeaders, encoded_input)
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 833, in __requestRaw
response = cnx.getresponse()
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 195, in getresponse
r = verb(
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 637, in post
return self.request("POST", url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 667, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 934, in urlopen
retries = retries.increment(method, url, response=response, _pool=self)
File "/usr/local/lib/python3.8/site-packages/github/GithubRetry.py", line 183, in increment
raise Requester.createException(response.status, response.headers, content) # type: ignore
github.GithubException.GithubException: 403 {"message": "You must authenticate via a GitHub App.", "documentation_url": "https://docs.github.com/rest/checks/runs#create-a-check-run", "status": "403"}

Notes

${{ secrets.TOKEN }} has full access and is created using the Personal access tokens (classic)
also tried it with a full access Fine-grained personal access tokens and no luck

[EnricoMi]

This action does not work with a PAT, it requires a Github App token.

Github Actions provide you a token via secrets.GITHUB_TOKEN (or simply don't provide a github_token option).

If you really have to povide a token other than secrets.GITHUB_TOKEN, you have to go through the process of creating a Github App.

[mrlacey]

I'm seeing this error reported when added to new projects.
I have the tokens working correctly on older projects and running the action on the projects with this previously added continues to work correctly. I believe this rules out an issue with the token.
Based on the link in the error message ( https://docs.github.com/en/rest/checks/runs?apiVersion=2022-11-28#create-a-check-run ) it seems to be related to something with "check runs" failing and these being limited to 1000 runs. Could this be limiting the number of repos that can use this extension?
Full disclosure, I do not understand what "check runs" are or what the linked documentation page is trying to say.

[mrlacey]

I'm seeing this error reported when added to new projects. I have the tokens working correctly on older projects and running the action on the projects with this previously added continues to work correctly. I believe this rules out an issue with the token. Based on the link in the error message ( docs.github.com/en/rest/checks/runs?apiVersion=2022-11-28#create-a-check-run ) it seems to be related to something with "check runs" failing and these being limited to 1000 runs. Could this be limiting the number of repos that can use this extension? Full disclosure, I do not understand what "check runs" are or what the linked documentation page is trying to say.

I take it back, I found the details on setting permissions and that has solved things.
I guess that there's some internal difference in settings of different projects based on when they were created.

[EnricoMi]

So I presume removing the github_token: ${{ secrets.TOKEN }} line fixes his for you?

[EnricoMi]

Btw., thanks for your support!

[mrlacey]

So I presume removing the github_token: ${{ secrets.TOKEN }} line fixes his for you?

No, I added the required permissions for the build earlier in the script.: mrlacey/WpfColorHelper@9ff6752

[EnricoMi]

@Mykullski has your issue resolved?