Cannot remove review request from within workflow?

I want to remove a PR review request from within a workflow. To this end, I’m trying to use the endpoint

DELETE /repos/:owner/:repo/pulls/:pull_number/requested_reviewers

as documented here (linking to old docs – the new docs have somehow dropped the description of these endpoints today…)

To this end, I’m using the GitHub CLI like this:

gh api "repos/:owner/:repo/pulls/$prid/requested_reviewers" \
    --method DELETE --input - < reviewers.json

where reviewers.json looks something like

{
  "reviewers": [
    "user1",
    "user2"
  ]
}

and $prid is the PR ID.

This works fine when I run it locally. However, from within a workflow, I get an error

HTTP/1.1 422 Unprocessable Entity

To get more output, I tried the same endpoint with a request sent using curl (still from within the workflow):

curl \
	--verbose \
	--request DELETE \
	--location \
	--silent \
	--show-error \
	--header "Content-Type: application/json" \
	--header "Accept: application/vnd.github.v3+json" \
	--header "Authorization: Bearer $GITHUB_TOKEN" \
	--data @reviewers.json \
	"https://api.github.com/repos/$GITHUB_REPOSITORY/pulls/$prid/requested_reviewers"

resulting in a more specific error response:

{
  "message": "Validation Failed",
  "errors": [
    "Could not resolve to a node with the global id of 'MDQ6VGVhbTM4NzY3NDQ='."
  ],
  "documentation_url": "https://developer.github.com/v3/pulls/review_requests/#delete-a-review-request"
}

A bit of googling pointed towards a permission issue, an indeed, using a personal access token instead of GITHUB_TOKEN fixed it.

Why is this required, though? GITHUB_TOKEN has read/write permissions for pull requests, shouldn’t this work out of the box? I’d imagine interacting with a pull request is one of the core use cases for actions, so I’m confused as to why removing a review request is not permitted by default.

Hi @bewuethr,

GITHUB_TOKEN has the read&write permission to the pull request. The error is due to that GITHUB_TOKEN is not correctly invoked.

Please use ${{ secrets.GITHUB_TOKEN }} instead of $GITHUB_TOKEN in your curl command. Code sample as below:

          curl \
          --verbose \
          --request DELETE \
          --location \
          --silent \
          --show-error \
          --header "Content-Type: application/json" \
          --header "Accept: application/vnd.github.v3+json" \
          --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
          --data @reviewers.json \
          "https://api.github.com/repos/$GITHUB_REPOSITORY/pulls/$prid/requested_reviewers"

Please refer to my workflow for your reference: https://github.com/weide-zhou/ticket12/runs/938801751?check_suite_focus=true

Or you can define token in env:

          curl \
          --verbose \
          --request DELETE \
          --location \
          --silent \
          --show-error \
          --header "Content-Type: application/json" \
          --header "Accept: application/vnd.github.v3+json" \
          --header "Authorization: Bearer $GH_TOKEN" \
          --data @reviewers.json \
          "https://api.github.com/repos/$GITHUB_REPOSITORY/pulls/$prid/requested_reviewers"
        env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Thanks.