Reputation: 1980
I am making a curl POST request from my GitHub workflow (action) to get a registration token for a self-hosted runner, but I am receiving the following response:
{
  "message": "Resource not accessible by integration",
  "documentation_url": "https://docs.github.com/rest/reference/actions#create-a-registration-token-for-a-repository"
}
Below is a stripped version of my GitHub workflow:
name: get-token
"on":
  push: { branches: ["token"] }
jobs:
  print-token:
    name: print-token
    environment: dev
    # needs: pre-pkr
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v2
      - name: Get registration token
        id: getRegToken
        # Header quotes are unescaped so the shell passes each header as one argument
        run: |
          curl -X POST -H "Accept: application/vnd.github.v3+json" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token
Eventually I'd wanna pass this token to the AMI I am creating with the packer build command (next step). I tried the above curl request with Packer's shell provisioner as well, but got the same response. Unable to figure out if I have to allow some permissions from the GitHub UI? Or how else can this be done? Thanks in advance.
Upvotes: 154
Views: 190306
Reputation: 325
I ran into this issue today. My job only downloads the artifact, so I just needed the below (full example). Since the example also checks out the repo, you'll need to add contents: read to the permissions.
jobs:
  ...
  deploy:
    permissions:
      actions: read
    steps:
      - name: Download artifacts
        id: download
        uses: actions/download-artifact@v4
        with:
          name: <name from upload step>
          path: ${{ github.workspace }}/images
      - name: Do something
        working-directory: ${{ steps.download.outputs.download-path }}
        run: ls -R
Upvotes: 0
Reputation: 70186
Got the Error: HttpError: Resource not accessible by integration for dorny/test-reporter@v1 after upgrading to GitHub Enterprise.
Fixed with these permissions:
permissions:
  contents: read
  actions: read
  checks: write
Upvotes: 3
Reputation: 75
Add this permissions line below the line where your OS is mentioned, like this:
runs-on: ubuntu-latest
permissions:
  contents: write
  pull-requests: write
  repository-projects: write
Upvotes: 55
Reputation: 2899
The rest of your settings seem fine, as no more bugs were reported by you. If the problem persists, let me know and I will fix it.
Upvotes: 17
Reputation: 14004
Try adding permissions to your job:
name: get-token
"on":
  push: { branches: ["token"] }
jobs:
  print-token:
    permissions: write-all
    name: print-token
    environment: dev
    # needs: pre-pkr
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v2
      - name: Get registration token
        id: getRegToken
        # Header quotes are unescaped so the shell passes each header as one argument
        run: |
          curl -X POST -H "Accept: application/vnd.github.v3+json" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token
This should tell you if that's the issue, then you can figure out which permission you were missing and configure them correctly in more detail.
As comments and other answers mentioned, there are multiple ways you can configure permissions:
The third option can be done on few different levels:
You can find details for default permissions here.
Upvotes: 156
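Once write-all has confirmed the cause and been narrowed as the answer above suggests, a check like the following can report which token permissions each job in a workflow file ends up with. This is an added example, not part of any answer in this thread; the function name audit_permissions and the sample workflow are constructed for illustration.

```python
# Added example (not from the thread): classify the GITHUB_TOKEN permissions of each job.
# Assumption: block-style YAML with consistent indentation, read line by line.

SAMPLE = """\
"on":
  push: { branches: ["token"] }
jobs:
  print-token:
    permissions: write-all   # diagnostic setting, should not stay
    runs-on: ubuntu-latest
  deploy:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
  report:
    runs-on: ubuntu-latest
"""  # constructed sample workflow

def audit_permissions(text):
    """Map each job id to 'scoped', 'repository-default', or its literal setting."""
    top, jobs, job = None, {}, None
    in_jobs, job_indent, key_indent = False, None, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip() or "scoped"  # empty value: a nested mapping follows
        if indent == 0:
            in_jobs, job, job_indent = key == "jobs", None, None
            if key == "permissions":
                top = value
        elif in_jobs:
            if job_indent is None:
                job_indent = indent
            if indent == job_indent:  # a new job id
                job, key_indent = key, None
                jobs[job] = None
            elif job is not None:
                if key_indent is None:
                    key_indent = indent  # indent of this job's own keys
                if indent == key_indent and key == "permissions":
                    jobs[job] = value
    # No job-level block: inherit the workflow-level one, else the repo default.
    return {j: p or top or "repository-default" for j, p in jobs.items()}

if __name__ == "__main__":
    print(audit_permissions(SAMPLE))
```

A job reported as write-all or repository-default is the one to review before merging; scoped jobs already list exactly what they request.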
Reputation: 1397
Go to https://github.com/OWNER/REPO/settings/actions and in the Workflow Permissions section give actions Read and Write permissions. That provides your token with rights to modify your repo and solves your problem.
Upvotes: 106
Reputation: 23270
The problem here is related to the GITHUB_TOKEN permission scope that is generated automatically in a GitHub Actions workflow run.
As frennky shared in his answer, the default permissions of this token can be found here.
Based on this, you have 2 solutions:
The first one is the one suggested by freenky, updating the GITHUB_TOKEN permissions in the workflow run using the permissions field in your job.
The second one is to use a Personal Access Token instead of the default GITHUB_TOKEN, creating it with the specific permissions you need, and then adding it as a repository secret.
Upvotes: 18