Getting a permissions error when merging pull request


I’ve got a Github App that helps people manage their pull requests by letting people vote on them using reactions. I’ve been running the code as a bot for awhile but finally built an application around it.

Unfortunately when I try to merge pull requests I get a 403 error-

403 Resource not accessible by integration

What permissions do I need to add to the application to get this to work? I have read/write permissions set on pull requests and issues, but only read permissions outside of that.


Looking into this further it seems that the ability to merge pull requests requests the “content” permissions.

I really think this should be separate- I do not want to have access to the repositories directly. In the future I may make the app available to private repositories but I do not actually want to have access to the code itself (everything I need in the repository is handled by the single file permissions).


Our reasoning for putting the ‘Merge’ action behind the ‘content write’ permission is that you are creating a . merge commit, which is updating the contents of the repo.


I understand the reason, but I think it would be better to split it out into its own thing- the security argument here is that splitting it out would allow people to merge without ever having to see the content to begin with. As an app developer I don’t want to have access to any code unless it is absolutely necessary, and for my app it isn’t.