Creating a pull request review request as an app


#1

Hi there,

I’m building a GitHub App that, among other things, will be requesting PR reviews automatically. My app attempts to call the Create Review Request endpoint, but always gets back the following error:

Must have push access to this repository to add review requests.

I’ve tried adjusting the app’s permissions a bunch of different ways, but it still does this. I’m passing down the Accept: application/vnd.github.machine-man-preview+json header with the request. And I’ve succeeded calling it when this was an OAuth app. Is this supposed to work for GitHub Apps?

Thanks for anyone’s help!


#2

:wave: @decompil3d,

I checked the endpoint and it should be enabled for GitHub Apps :+1:

I also checked which permissions are necessary, and the documentation is correct, you would need:

https://developer.github.com/v3/apps/permissions/#permission-on-pull-requests
with :write permissions

If that still does not work for you, please let us know.

Cheers,
Víctor.


#3

Hi @vroldanbet - thanks for the reply. I’ve double-checked and I definitely have that permission set on my app. Here’s the full set of permissions on it (shown in an installation of the app):

I should note that I’m doing this on a GitHub Enterprise 2.12.9 server. So perhaps it’s a bug in that version that’s fixed later?


#4

@decompil3d,

indeed, that’s correct! The changes for this endpoint made it into 2.13.0! :tada:


#5

Gotcha. Thanks for the assistance @vroldanbet :slight_smile:

Now to bug my internal GitHub team to upgrade…


#6

@decompil3d no problem! good luck with that :sweat_smile:


#7

Hi again @vroldanbet – my internal GitHub Enterprise installation finally got updated to 2.13, but the issue persists.

Still getting the same “Must have push access to this repository to add review requests.” error when trying to request reviews using the GitHub App’s identity. Works fine when I issue the request under a normal user account token that’s been granted admin access on the org.

Can you please help?


#8

Hi @decompil3d,

sorry you had to upgrade GHE and still the endpoint does not work as expected. I see a bug on this endpoint was recently identified (see discussion here API v3 - Pull Request Reviews). Here it was reported user-to-server didn’t work, while I believe your app is doing a server-to-server request (acting in behalf of the integration).

We recently deployed a fix for this in dotcom, but hasn’t been released yet in GHE, and I need to check it actually solves your problem. I’ll keep you posted for a release in GHE.

Cheers,
Víctor.


#9

@decompil3d do you mind providing us with a cURL dump of the request?


#10

@vroldanbet here you go. Let me know if you need anything else. The token is, indeed, the one from the GitHub App. Same token works just fine for other options such as commenting on PRs, reading files from the repo, and reading user membership in orgs.

$ curl -d '{"reviewers":["REDACTED_USERNAME"]}' -H 'Accept: application/vnd.github.machine-man-preview+json' -H 'Content-Type: application/json' -H 'Authorization: Token v1.REDACTED' https://github.REDACTED.net/api/v3/repos/REDACTED_ORG/REDACTED_REPO/pulls/6/requested_reviewers -v*   Trying REDACTED_IP...
* TCP_NODELAY set
* Connected to github.REDACTED.net (REDACTED_IP) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: github.REDACTED.net
* Server certificate: REDACTED Certificate Authority
* Server certificate: REDACTED Root Certificate Authority
> POST /api/v3/repos/REDACTED_ORG/REDACTED_REPO/pulls/6/requested_reviewers HTTP/1.1
> Host: github.REDACTED.net
> User-Agent: curl/7.54.0
> Accept: application/vnd.github.machine-man-preview+json
> Content-Type: application/json
> Authorization: Token v1.REDACTED
> Content-Length: 25
>
* upload completely sent off: 25 out of 25 bytes
< HTTP/1.1 422 Unprocessable Entity
< Server: GitHub.com
< Date: Mon, 09 Jul 2018 19:54:40 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 248
< Status: 422 Unprocessable Entity
< X-RateLimit-Limit: 5000
< X-RateLimit-Remaining: 4990
< X-RateLimit-Reset: 1531168712
< X-GitHub-Enterprise-Version: 2.13.5
< X-GitHub-Media-Type: github.machine-man-preview; format=json
< Access-Control-Expose-Headers: ETag, Link, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
< Access-Control-Allow-Origin: *
< X-GitHub-Request-Id: 396b57d4-83ed-4680-94c3-b453a8c3b368
< Content-Security-Policy: default-src 'none'
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< X-Runtime-rack: 0.074509
<
{
  "message": "Validation Failed",
  "errors": [
    "Must have push access to this repository to add review requests."
  ],
  "documentation_url": "https://developer.github.com/enterprise/2.13/v3/pulls/review_requests/#create-a-review-request"
}
* Connection #0 to host github.REDACTED.net left intact

#11

hey @decompil3d,

thanks for the prompt response. We did some initial assessment and found we have tests demonstrating this endpoint should work for server-2-server calls (installation token). Now with your cURL input, we will try to reproduce your problem.


#12

hi again @decompil3d,

good news is we identified the issue. Bad news this was fixed some time ago, but hasn’t been ported to GHE. I’ve requested to add this to 2.13.6. Sorry that this means yet another update :sob:


#13

@decompiled,

I’ve backported the fix to 2.13.X, but given 2.13.6 is released this week, the backport will have to be pushed to 2.13.7.

Also, this week 2.14 will be released, which also includes the fix! So you can choose to wait for 2.13.7 or go ahead and update to 2.14.

HTH,
Víctor


#14

Thanks for your help @vroldanbet. Much appreciated. Back to my internal GHE admins I go then :slight_smile:


#15

Just to close the loop, this is indeed fixed in GHE 2.14.4 (maybe earlier, but that’s the version we upgraded to). Thanks again for your help @vroldanbet :slight_smile: