What “on” event are you using?

@Janglee123 ,

Yes, I can reproduce the same issue.
I also tried other similar actions that wrap the “Merge a pull request” API, get the same error message “Resource not accessible by integration”.
I directly run the “Merge a pull request” API in the workflow, get the same error message “Resource not accessible by integration”.

Looks like, the feature “Run workflows from fork pull requests” does not work as designed.
I have created an issue ticket (actions/virtual-environments#1609) to report this issue to the appropriate engineering team for further investigation and evaluation.

You can follow this issue ticket and add your comments to it.

@Janglee123 Hi! Thank you for reporting this. Is the repository you’re trying to merge the pull request into public or private?

@jclem Thanks for your interest, The repo is public.

Ah, and I also just saw the accepted answer. We never send secrets to workflows run from the pull_request event on public repo forks. This would allow any user to access your secrets simply by forking the repository and creating a PR that updates the workflow. Instead, @kingthorin is correct that pull_request_target is the correct event to use if you want to do something that requires write access to the repo, such as merging a PR.

However, the “Run workflows from fork pull requests” only applies to private repositories—we have no plans to enable this setting for public repositories due to the potential for stealing secrets and accidentally granting any user write access to the public repository.

Edit Just to be more explicit about why we don’t intend to support this for public repositories—since workflows on the pull_request event run from the merge commit of the pull request, a user could fork an open source repository, update the workflow to echo $SOME_SECRET, and then open a pull request. If that repository had secrets or write tokens enabled, the opener of the PR would be able to write to the repository and read its secrets.