Getting "Validation Failed: "Could not resolve to a node with the global id of..." error

[danielsht86]

I've set up the following workflow:

name: "Assign Review Candidates"
on:
  pull_request:
    types: [labeled]

jobs:
  assign-reviewers:
    runs-on: ubuntu-latest
    steps:
      - name: "Assign NodeJS Review Candidate Team"
        if: github.event.label.name == 'nodejs-pr'
        uses: rowi1de/[email protected]
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          teams: "nodejs-reviewers-candidates"         # only works for GitHub Organisation/Teams
          include-draft: false            # Draft PRs will be skipped (default: false)
          skip-with-manual-reviewers: 10   # Skip this action, if the number of reviewers was already assigned (default: 0)
      - name: "Assign App Review Candidate Team"
        if: github.event.label.name == 'app-pr'
        uses: rowi1de/[email protected]
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          teams: "app-reviewers-candidates"         # only works for GitHub Organisation/Teams
          include-draft: false            # Draft PRs will be skipped (default: false)
          skip-with-manual-reviewers: 10   # Skip this action, if the number of reviewers was already assigned (default: 0)

and I've verified that the action is getting called. However, I'm getting the following error when it's run:

Run rowi1de/[email protected]
  with:
    repo-token: ***
    teams: nodejs-reviewers-candidates
    include-draft: false
    skip-with-manual-reviewers: 10
Adding teams: nodejs-reviewers-candidates, persons: 
##[error]Validation Failed: "Could not resolve to a node with the global id of 'MDQ6VGVhbTM3MDM1NzY='."
(node:2794) UnhandledPromiseRejectionWarning: HttpError: Validation Failed: "Could not resolve to a node with the global id of 'MDQ6VGVhbTM3MDM1NzY='."
    at /home/runner/work/_actions/rowi1de/auto-assign-review-teams/v1.0.0/lib/index.js:8052:23
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
(node:2794) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:2794) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

It appears that if I type a non existing team, I don't get any errors. But if I type the team that does exist (which has write access to my repo btw), I get this error. Not sure if this is a bug, or user error. Any pointers would be appreciated. Thanks!

[adipatel]

Have you tried passing a different SECRET than secrets.GITHUB_TOKEN ?
I am not 100% sure but I remember getting a similar error which was resolved passing a SECRET which had the correct/needed authorizations.

[rowi1de]

The GitHub Token contained in the workflow is the correct one. You can use:add a personal token, but than the action will act under your name in the PR.

I created an issue in core/octocit, because it happens in the library not the action code itself.

Maybe this issue is fixed in newer version.

actions/toolkit#233

[rowi1de]

Ok, I also get this issue in my Organisation Repo.
The Failing API is https://developer.github.com/v3/pulls/review_requests/#create-a-review-request

 await client.pulls.createReviewRequest(
      {
        owner: issue.owner,
        repo: issue.repo,
        pull_number: issue.number,
        reviewers: persons,
        team_reviewers: teams
      }
    )

@danielsht86, @adipatel please try to prefix your Organisation Name in front of the Team Name, that removes the Failure e.g.
teams:@<Org>/<team>

[rowi1de]

@danielsht86 is this still a thing?

[danielsht86]

@danielsht86 is this still a thing?

I no longer have access to the codebase where this was an issue, so am unable to verify that this has been resolved. Feel free to close this.

[denisok]

Could we reopen this? I could reproduce the issue:
percona/mongodb_exporter#254

https://github.com/percona/mongodb_exporter/actions/workflows/ready-for-review.yml

I tried workaround it with adding prefixes to the team, action succeeds but it actually doesn't assign the team:

Adding teams: teams:@percona/pmm-review-exporters
Request Status:201, Teams:

[ruchi1106]

I am facing the same issue action succeeds but team is not getting assigned. Do we need to give additional permissions to GITHUB_TOKEN ? Any pointers would be appreciated. Thankyou

[ghost]

Issue still exists

[irphilli]

I was getting a very similar error with another action when trying to add a team as a reviewer. I'm using a GitHub App, and had to add read-only access to Members to get it to work. Just throwing this out there in case this helps anyone!

[rowi1de]

Thanks @irphilli I’ll add this to the readme

[denisok]

@rowi1de @irphilli could you please elaborate? Read only access for the team members? If I don't use App, what perm should I give to whom?

[lukasnagl]

I’ve just encountered the same Could not resolve to a node with the global id of issue and the solution was quite effortful, so I hope this helps:

1. The root cause is that the underlying API request uses ${{ secrets.GITHUB_TOKEN }}, which misses the required permissions to add teams as reviewers.
2. As a workaround, you need to create a personal access token (PAT) with repo permissions (click the top-level repo checkbox).
3. To make that personal access token available to your organization's GitHub action, add the token as a secret.
4. Switch the repo-token in the GitHub action itself to use the new secret, e.g. repo-token: ${{ secrets.NAME_OF_MY_SECRET_CONTAINING_PAT_WITH_REPO_ACCESS }} instead of repo-token: ${{ secrets.GITHUB_TOKEN }}
5. As teams for the GitHub action configuration, use just the last part of the full organization team name. If your team is @myFancyCompany/myTeam, use teams: 'myTeam'

As this is an underlying permission issue, I believe this isn’t a bug but could justify a section in README.md.

[rowi1de]

@lukasnagl thanks for the detailed description, feel free to create a PR :)

[denisok]

Looks like currently it is possible to add team to CODEOWNERS and that would add team during PR creation and assign ppl: https://github.com/percona/pmm/blob/main/.github/CODEOWNERS#L1

[rowi1de]

Adding CODEOWNERS imposed different restrictions / implications. This is why this Action was created

[jlu-barracuda]

@lukasnagl thanks for that explanation, any idea what permissions I'd need to authorize if I use a Github App to authenticate?