Gitea actions permissions problem with pull requests #32302

Open
@Olen

Description

There seems to be a problem with the action permissions for pull-requests.

I have an action with the following permissions:

    permissions:
      contents: write
      pull-requests: write

And I can see that tea is allowed to run most required commands.

    tea whoami

       gitea-actions

      Follower Count: 0, Following Count: 0, Starred Repos: 0

I can view pull-requests and I can comment/review on pull requests.

    tea pr list
    +-------+--------------------------------+-------+--------------+-----------+------------------+--------+
    | INDEX |             TITLE              | STATE |    AUTHOR    | MILESTONE |     UPDATED      | LABELS |
    +-------+--------------------------------+-------+--------------+-----------+------------------+--------+
    |     4 | chore(template): merge         | open  | Ola Thoresen |           | 2024-10-21 13:05 |        |
    |       | template changes :up:          |       |              |           |                  |        |
    +-------+--------------------------------+-------+--------------+-----------+------------------+--------+
    tea pr review 4
    (...)
    ? Concluding comment:
    Must check
    https://xxxxx/olen/test-template-sync/pulls/4#issuecomment-15

And the comments show up as created by gitea-actions:

image

But I am not allowed to create pull requests:

    tea pr create
    (...)
    Error: could not create PR from chore/template_sync_56c0689 to olen:main: Can't read pulls or can't read UnitTypeCode

If I add another login in the run with a different token, I am allowed to create a PR.

    tea pr create --login foo

       #5 Chore/Template Sync 56c0689 (open)

      @olen created 2024-10-21 13:10        main <- chore/template_sync_56c0689

I added some trace logging which shows that this is a permission problem:

    2024/10/21 15:01:03 ...s/repo_permission.go:199:func1() [T] Permission Loaded for user <User -2:gitea-actions> in repo <Repository 11:olen/test-template-sync>, permissions: {AccessMode:0 units:[0xc006c1f780 0xc006c1f7c0 0xc006c1f840 0xc006c1f880 0xc006c1f8c0 0xc006c1f900 0xc006c1f940 0xc006c1f980] unitsMode:map[] everyoneAccessMode:map[]}
    2024/10/21 15:01:03 .../api/v1/repo/pull.go:1132:parseCompareInfo() [T] Permission Denied: User <User -2:gitea-actions> cannot create/read pull requests or cannot read code in Repo <Repository 11:olen/test-template-sync>
    User in baseRepo has Permissions: {AccessMode:0 units:[0xc006c1f780 0xc006c1f7c0 0xc006c1f840 0xc006c1f880 0xc006c1f8c0 0xc006c1f900 0xc006c1f940 0xc006c1f980] unitsMode:map[] everyoneAccessMode:map[]}
    2024/10/21 15:01:03 ...s/process/manager.go:231:remove() [T] Done 6716508f-8: /usr/bin/git cat-file --batch-check [repo_path: /data/git/repositories/olen/test-template-sync.git] (modules/git/repo_base_nogogit.go:90)
    2024/10/21 15:01:03 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/v1/repos/olen/test-template-sync/pulls for 10.42.42.34:37748, 404 Not Found in 35.8ms @ repo/pull.go:344(repo.CreatePullRequest)
    2024/10/21 15:01:03 ...s/process/manager.go:231:remove() [T] Done 6716508f-6: POST: /api/v1/repos/olen/test-template-sync/pulls

Gitea Version

1.22.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

git version 2.45.2

Operating System

docker

How are you running Gitea?

docker
image: gitea/gitea:latest

Database

MySQL/MariaDB

Labels

issue/not-a-bug: The reported issue is the intended behavior or the problem is not inside Gitea

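A triage aid for the trace quoted in the issue, added here as an example and not taken from the issue or from Gitea: it pairs each `Permission Denied` trace line with the router line logged in the same second, which shows when a `404 Not Found` response is really a permission denial for the Actions token. The sample log is constructed in the quoted format; the function names and the match on timestamp plus repository path are assumptions.

```python
import re

# Constructed sample in the trace format quoted in the issue (repo and IP are made up).
SAMPLE_LOG = """\
2024/10/21 15:01:03 ...s/repo_permission.go:199:func1() [T] Permission Loaded for user <User -2:gitea-actions> in repo <Repository 11:example/repo>, permissions: {AccessMode:0 units:[] unitsMode:map[] everyoneAccessMode:map[]}
2024/10/21 15:01:03 .../api/v1/repo/pull.go:1132:parseCompareInfo() [T] Permission Denied: User <User -2:gitea-actions> cannot create/read pull requests or cannot read code in Repo <Repository 11:example/repo>
2024/10/21 15:01:03 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/v1/repos/example/repo/pulls for 10.0.0.5:37748, 404 Not Found in 35.8ms @ repo/pull.go:344(repo.CreatePullRequest)
2024/10/21 15:02:10 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v1/repos/example/repo/pulls for 10.0.0.5:37750, 200 OK in 4.1ms @ repo/pull.go:90(repo.ListPullRequests)
"""

TS = r"(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)"
DENIED = re.compile(TS + r" .*Permission Denied: User <User (-?\d+):([^>]+)> "
                    r".* in Repo <Repository \d+:([^>]+)>")
ROUTER = re.compile(TS + r" .*router: completed (\S+) (\S+) for \S+, (\d{3}) ")
ACTIONS_UID = -2  # the trace in the issue shows the Actions bot as <User -2:gitea-actions>


def correlate(log_text):
    """Pair each permission denial with API requests logged in the same second."""
    denials, requests = [], []
    for line in log_text.splitlines():
        if m := DENIED.match(line):
            denials.append(m.groups())
        elif m := ROUTER.match(line):
            requests.append(m.groups())
    findings = []
    for ts, uid, name, repo in denials:
        for rts, method, path, status in requests:
            # Assumption: same timestamp and same repo path means same request.
            if rts == ts and f"/repos/{repo}/" in path:
                findings.append({
                    "time": ts,
                    "user": name,
                    "actions_token": int(uid) == ACTIONS_UID,
                    "repo": repo,
                    "request": f"{method} {path}",
                    "status": int(status),
                })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

The denial lines are logged at trace level, so they only appear when trace logging is enabled, as it was for the excerpt in the issue.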