What permission does a Github Action need to call graphql enablePullRequestAutoMerge? #24686

jaqx0r · 2021-08-26T02:24:46Z

jaqx0r
Aug 26, 2021

I’m setting permissions on my workflows, and this is an OK experience for REST API as the permissions required are mostly documented there. However the GraphQL API documentation doesn’t describe the permissions required for the calls.

I am trying to set permissions for a workflow that enables automerge, which is via the GraphQL API: https://docs.github.com/en/graphql/reference/mutations#enablepullrequestautomerge though there are many similar, and the few that document the requirements on the token ask for full ‘repo’ access.

I’m not convinced that the token needs ‘repo’ ; perhaps it’s just pull_request: write? But I can’t tell without experimenting with the workflow config and retriggering them, and I’m not keen to do that – does anyone know the answer, and/or know where the GraphQL permissions are documented?

Further to that; is there a mapping of the permissions documented here: Authentication in a workflow - GitHub Docs to the token scopes you choose when Creating a Personal Access Token?

(I’d link to the last document, but this tool won’t let me post more than two URLs.)

Answered by sharwell

Sep 30, 2021

With some trial-and-error in a test repository, I found the minimum permissions to execute the enablePullRequestAutoMerge mutation are:

permissions:
  contents: write

View full answer

jsoref · 2021-08-26T03:07:48Z

jsoref
Aug 26, 2021

I filed a bug in response to a similar item:

  <a href="https://github.com/github/docs/issues/8925" target="_blank" rel="noopener">github.com/github/docs</a>

GraphQL API content does not appear to explain required permissions

<div class="github-info">
  <div class="date">
    opened <span class="discourse-local-date" data-format="ll" data-date="2021-08-10" data-time="03:33:30" data-timezone="UTC">03:33AM - 10 Aug 21 UTC</span>
  </div>


  <div class="user">
    <a href="https://github.com/jsoref" target="_blank" rel="noopener">
      <img alt="jsoref" src="https://user-images.githubusercontent.com/2119212/181086049-2fce8cd4-5726-470f-b743-39783450b556.png" class="onebox-avatar-inline" width="20" height="20">
      jsoref
    </a>
  </div>
</div>

<div class="labels">
    <span style="display:inline-block;margin-top:2px;background-color: #B8B8B8;padding: 2px;border-radius: 4px;color: #fff;margin-left: 3px;">
      content
    </span>
</div>

### Code of Conduct

I have read and agree to the GitHub Docs project's Co…de of Conduct.

What article on docs.github.com is affected?

https://docs.github.com/en/graphql/guides/forming-calls-with-graphql#authenticating-with-graphql

What part(s) of the article would you like to see updated?

#authenticating-with-graphql

The section that talks about authentication really doesn't help understand what permissions one needs to do things

A forum post asked about converting a PR to/from draft.

Additional information

The v3 API has a long page that makes it possible to try to figure out what permissions one might need:
https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-pull-requests

But, I really can't find any equivalent for the v4 api.

For reference, here's the mutation in question:
https://docs.github.com/en/graphql/reference/mutations#convertpullrequesttodraft

0 replies

sharwell · 2021-09-30T15:12:32Z

sharwell
Sep 30, 2021

With some trial-and-error in a test repository, I found the minimum permissions to execute the enablePullRequestAutoMerge mutation are:

permissions:
  contents: write

0 replies

jaqx0r · 2021-11-22T22:44:44Z

jaqx0r
Nov 22, 2021
Author

Confirmed that contents: write is the necessary permission. Thanks!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

What permission does a Github Action need to call graphql enablePullRequestAutoMerge? #24686

{{title}}

Replies: 3 comments

{{title}}

GraphQL API content does not appear to explain required permissions

What article on docs.github.com is affected?

What part(s) of the article would you like to see updated?

Additional information

{{title}}

{{title}}

Select a reply

GitHub Community

What permission does a Github Action need to call graphql enablePullRequestAutoMerge? #24686

jaqx0r Aug 26, 2021

Replies: 3 comments

jsoref Aug 26, 2021

GraphQL API content does not appear to explain required permissions

What article on docs.github.com is affected?

What part(s) of the article would you like to see updated?

Additional information

sharwell Sep 30, 2021

jaqx0r Nov 22, 2021 Author

jaqx0r
Aug 26, 2021

jsoref
Aug 26, 2021

sharwell
Sep 30, 2021

jaqx0r
Nov 22, 2021
Author