Handle GITHUB_TOKEN 403 error gracefully

hmarr · Apr 2, 2022 · df19ac6 · df19ac6
1 parent 13f2dbd
commit df19ac6
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 7 deletions.
diff --git a/dist/index.js b/dist/index.js
diff --git a/src/approve.test.ts b/src/approve.test.ts
@@ -20,7 +20,7 @@ afterEach(() => {
   process.env = originalEnv;
 });
 
-test("when a review is successfully created", async () => {
+test("a review is successfully created with a PAT", async () => {
   nock("https://api.github.com").get("/user").reply(200, { login: "hmarr" });
 
   nock("https://api.github.com")
@@ -42,6 +42,28 @@ test("when a review is successfully created", async () => {
   );
 });
 
+test("a review is successfully created with an Actions token", async () => {
+  nock("https://api.github.com").get("/user").reply(403, {});
+
+  nock("https://api.github.com")
+    .get("/repos/hmarr/test/pulls/101")
+    .reply(200, { head: { sha: "24c5451bbf1fb09caa3ac8024df4788aff4d4974" } });
+
+  nock("https://api.github.com")
+    .get("/repos/hmarr/test/pulls/101/reviews")
+    .reply(200, []);
+
+  nock("https://api.github.com")
+    .post("/repos/hmarr/test/pulls/101/reviews")
+    .reply(200, { id: 1 });
+
+  await approve("gh-tok", ghContext());
+
+  expect(core.info).toHaveBeenCalledWith(
+    expect.stringContaining("Approved pull request #101")
+  );
+});
+
 test("when a review is successfully created using pull-request-number", async () => {
   nock("https://api.github.com").get("/user").reply(200, { login: "hmarr" });
 

diff --git a/src/approve.ts b/src/approve.ts
@@ -2,6 +2,7 @@ import * as core from "@actions/core";
 import * as github from "@actions/github";
 import { RequestError } from "@octokit/request-error";
 import { Context } from "@actions/github/lib/context";
+import { GitHub } from "@actions/github/lib/utils";
 
 export async function approve(
   token: string,
@@ -24,8 +25,8 @@ export async function approve(
 
   try {
     core.info(`Getting current user info`);
-    const { data: user } = await client.rest.users.getAuthenticated();
-    core.info(`Current user is ${user.login}`);
+    const login = await getLoginForToken(client);
+    core.info(`Current user is ${login}`);
 
     core.info(`Getting pull request #${prNumber} info`);
     const pull_request = await client.rest.pulls.get({
@@ -48,7 +49,7 @@ export async function approve(
 
     for (const review of reviews.data) {
       if (
-        review.user?.login == user.login &&
+        review.user?.login == login &&
         review.commit_id == commit &&
         review.state == "APPROVED"
       ) {
@@ -114,3 +115,21 @@ export async function approve(
     return;
   }
 }
+
+async function getLoginForToken(
+  client: InstanceType<typeof GitHub>
+): Promise<string> {
+  try {
+    const { data: user } = await client.rest.users.getAuthenticated();
+    return user.login;
+  } catch (error) {
+    if (error instanceof RequestError) {
+      // If you use the GITHUB_TOKEN provided by GitHub Actions to fetch the current user
+      // you get a 403. For now we'll assume any 403 means this is an Actions token.
+      if (error.status === 403) {
+        return "github-actions[bot]";
+      }
+    }
+    throw error;
+  }
+}