No report on pull requests from forks

[axel-op]

Description

When the action is triggered by the pull_request event, if the pull request is from a different repository (a fork), the action fails with the error "Resource not accessible by integration".

EDIT: this behavior has changed. See the comment below.

Why is this happening

This action uses the GITHUB_TOKEN you provide to call the GitHub API and to post the result of its analysis.
As explained here, here, or here, GitHub for now reduces the permissions of this token when the action is triggered by another repository.
Therefore an error is thrown when this action tries to call the API in this situation.

Current workaround

A possible workaround is to edit your workflow to trigger this action only when pull requests come from the same repository. This can be done by adding an if-condition, as illustrated below:

name: Example workflow
on: [push, pull_request]

jobs:

  package-analysis:
    if: github.event_name != 'pull_request' || github.actor == '[username]' # Replace [username] by the username of your repo
    runs-on: ubuntu-latest
    steps:
      - ...

I will update this issue if there is new information on this.

[axel-op]

I edited the code so that this action won't fail anymore on this error.
The report will now be skipped if it cannot be posted.
This action will fail if a compilation error or a static error is detected by the analyzer.
The outputs of this action will still be set.

[vaind]

The report will now be skipped if it cannot be posted.

Any chance the report could be printed directly to the standard ouptut in that case? Otherwise, if there's a failure later in the pipeline (e.g. our CI fails if the score decreases) we can't see what's wrong.

[axel-op]

Hello @vaind, you can still see the original raw JSON report in the logs, along with the values of the outputs. Is this what you want?

[vaind]

Totally missed that, all good then

[GroovinChip]

For cases like this, is there any way the raw json from the job logs can be captured and turned into a report or downloadable job artifact? Having to hunt through the logs to see the analysis in these cases is a bit tedious.

[axel-op]

For cases like this, is there any way the raw json from the job logs can be captured and turned into a report or downloadable job artifact? Having to hunt through the logs to see the analysis in these cases is a bit tedious.

Hi @GroovinChip, could you please create a separate issue for this ? :)

[GroovinChip]

For cases like this, is there any way the raw json from the job logs can be captured and turned into a report or downloadable job artifact? Having to hunt through the logs to see the analysis in these cases is a bit tedious.

Hi @GroovinChip, could you please create a separate issue for this ? :)

Done