Skip to content
Snippets Groups Projects

License-Vetting workflow on WildWebDeveloper fails due to "pull-requests: write" is nor allowed

    • Closed Issue created by Victor Rubezhny @vrubezhny

    Summary

    License-Vetting workflow fails with the following error:

    Invalid workflow file: .github/workflows/licensecheck.yml#L17
The workflow is not valid. .github/workflows/licensecheck.yml (Line: 17, Col: 3): Error calling workflow 'eclipse/dash-licenses/.github/workflows/mavenLicenseCheck.yml@master'. The nested job 'check-licenses' is requesting 'pull-requests: write', but is only allowed 'pull-requests: none'.

    It looks like the token doesn't have pull-requests: write enabled, while it's requested by https://github.com/eclipse/dash-licenses/blob/51f45991567a170692daba2759a454c9185c8d0f/.github/workflows/mavenLicenseCheck.yml#L52-L53:

        permissions:
      pull-requests: write

    Steps to reproduce

    Try running https://github.com/eclipse-wildwebdeveloper/wildwebdeveloper/actions/runs/7005481421 GH Action

    What is the current bug behavior?

    Running the WWD PR License check GH Action fails with "Startup failure" mentioned above

    What is the expected correct behavior?

    The WWD PR License check is to be successfully started

    Relevant logs and/or screenshots

    Invalid workflow file: .github/workflows/licensecheck.yml#L17
The workflow is not valid. .github/workflows/licensecheck.yml (Line: 17, Col: 3): Error calling workflow 'eclipse/dash-licenses/.github/workflows/mavenLicenseCheck.yml@master'. The nested job 'check-licenses' is requesting 'pull-requests: write', but is only allowed 'pull-requests: none'.

    Priority

    • Urgent
    • High
    • Medium
    • Low

    Severity

    • Blocker
    • Major
    • Normal
    • Low

    Impact

    Automatic dependency license vetting is not possible anymore, so the dependency updates for the next release, if scheduled, will be blocked.

    2 of 8 checklist items completed · Edited

    Designs

      Child items ...

      2. Activity

      • Victor Rubezhny changed the description

        changed the description

      • Thomas Neidhart
        Thomas Neidhart @netomi ·

        The reusable workflow at eclipse/dash-licenses/.github/workflows/mavenLicenseCheck.yml has been updated to indicate that write permissions are required for pull-requests for the comment feature.

        You have to explicitly grant the write permission to the workflow calling the mavenLicenseCheck.yml by adding

        permissions:
  pull-requests: write

        in your workflow.

      • Victor Rubezhny
        Victor Rubezhny @vrubezhny ·
        Author

        @netomi Thanks for your help! Explicitly added "permisions" helped.

      • Victor Rubezhny closed

        closed

      Please register or sign in to reply

      Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent