I’m developing a private GitHub App in our organization. I want to call PUT https://api.github.com/repos/{ORG}/{REPO}/pulls/{PR_NUMBER}/update-branch using the app’s token
, but the endpoint returns an error response:
{
"message": "user doesn't have permission to update head repository",
"documentation_url": "https://docs.github.com/rest/reference/pulls#update-a-pull-request-branch"
}
I’ve confirmed our GitHub App has permissions to read/write our repository’s pull-requests and contents, I’m guessing the endpoint is not callable using GitHub App’s tokens.
Anyone has any knowledge about this?
Thanks.
How to reproduce
- Generate JWT using GitHub App’s private key
require 'openssl'
require 'jwt' # https://rubygems.org/gems/jwt
# Private key contents
private_pem = File.read("PATH_TO_PEM")
private_key = OpenSSL::PKey::RSA.new(private_pem)
# Generate the JWT
payload = {
# issued at time, 60 seconds in the past to allow for clock drift
iat: Time.now.to_i - 60,
# JWT expiration time (10 minute maximum)
exp: Time.now.to_i + (10 * 60),
# GitHub App's identifier
iss: "YOUR_APP_ID"
}
jwt = JWT.encode(payload, private_key, "RS256")
puts jwt
- Get an access token
curl --request POST \
--url https://api.github.com/app/installations/:installation_id/access_tokens \
--header 'Accept: application/vnd.github.v3+json' \
--header 'Authorization: Bearer {JWT}'
- Call
update-branchAPI
curl --request PUT \
--url https://api.github.com/repos/:org/:repo/pulls/:pr_number/update-branch \
--header 'Accept: application/vnd.github.v3+json' \
--header 'Authorization: Bearer {ACCESS_TOKEN}'
It would get an error:
{
"message": "user doesn't have permission to update head repository",
"documentation_url": "https://docs.github.com/rest/reference/pulls#update-a-pull-request-branch"
}