Viewer not authorized to delete even when using GITHUB_TOKEN?

Hi there, I’m developing a Javascript action that reads a list of issues from graphql api (works!) and then deletes them based on some rules (doesn’t work yet!).

Looks like the error happens when using GITHUB_TOKEN (from ${{ secrets.GITHUB_TOKEN }}) even if in the Set Up Job of the action I can see that permissions for issues look fine Issues: write. The call to deleteIssue fails an I get the error Viewer not authorized to delete.

Instead if I set a repository secret using a personal token (created with permissions on repo) the deletion works as expected.

So the question is: is the GITHUB_TOKEN having different permissions than the ones displayed during the set up of the action execution?

Hi @dlondero, welcome to the community

Just a couple of quick thoughts that may or may not be a constraint depending on your actual scenario.

Is the issue you are trying to delete, in the same repository that contains your workflow. I read that The GITHUB_TOKEN secret permissions are limited to the repository that contains your workflow, if it is not you will need to go down the personal access token route you have already proven.

Or is this a personal or organization repository, as by default issues cannot be deleted in an organization’s repositories. An organization owner must enable this feature for all of the organization’s repositories first.

Hi @byrneh, thanks for your help. Good questions.

I’m trying to delete issues on the same repository where the workflow is running. This is an organisation repository and the configuration to Allow members to delete issues for this organisation is already enabled at org level.

That’s why I find it weird for the GITHUB_TOKEN to not work as expected even though the write permission appears to be available for the issues.

Ok so reading here Repository permission levels for an organization - GitHub Docs it looks like what is happening is the expected behaviour because Delete an issue actually requires Admin permissions which are not granted to the GITHUB_TOKEN.

So I guess going with the personal access token is the only option for this.

Yes I suspect that is the case, so working as designed from a GitHub standpoint.

You have probably already seen, but if not, a summary in docs is here: permissions-for-the-github_token

Yep, saw that thanks!