GitHub Community
Is it possible to open a pull request on a public repo owned by an organization using a fork branch as head with Github App? #39178
-
Select Topic AreaQuestion BodyI'm using Github Apps to fork a public repository owned by one of my organizations on the accounts of users who installed my app (users are not members of the organization). That works fine, but I tried openning a pull request on the parent repository using a fork branch as head and it doesn't work. This is the endpoint: curl \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
https://api.github.com/repos/OWNER/REPO/pulls \
-d '{"title":"Open PR","body":"Something","head":"USERNAME:BRANCH","base":"main"}'If I authenticate my app as the installation on the user's account, I get status {
"message": "Resource not accessible by integration",
"documentation_url": "https://docs.github.com/rest/reference/pulls#create-a-pull-request"
}I assume I should authenticate as the installation on the user's account, but I also tried authenticating as the installation on my organization, and in this case I get status {
"message": "Validation Failed",
"errors": [
{
"resource": "PullRequest",
"code": "custom",
"field": "fork_collab",
"message": "fork_collab Fork collab can't be granted by someone without permission"
}
],
"documentation_url": "https: docs.github.com/rest/reference/pulls#create-a-pull-request"
}I don't know if I'm missing something or this can't be done. The documentation mentions that to open PRs on organization owned repositories you must be a member of the organization:
If I authenticate as an app installation belonging to a user who is a member of the organization it doesn't work either, I still get I also tried using a personal access token instead of an installation token to verify that it is necessary to be a member of the organization to open pull requests on public repos through the API. But it seems to work just fine with personal access tokens even if the authenticated user is not a member of the organization who owns the repo. And you can also open a PR using the browser without having to be a member of the organization, so I think this should be possible. Is there any permission that I am missing? My app has permissions for pull requests, contents, issues, administration, workflows and actions. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
I have added |
Beta Was this translation helpful? Give feedback.
-
|
I am running in the same 403 issue at the moment (GitHub app acting on behalf of an user account) when trying to open a pull request to a third-party organization's repository. The setup used to work fine with my PAT (with the same permissions as of the GitHub app installation), but doesn't with the GitHub app access token. Setting Still researching, will followup if I find something conclusive. |
Beta Was this translation helpful? Give feedback.
I have added
"maintainer_can_modify": Falsein the request body and now it works, but this doesn't seem to be documented, I couldn't find anything searchingfork_collab. I also have to authenticate as the installation on my organization, which is a little bit counterintuitive because when you open a PR in the browser or using personal access token you authenticate as the user who is opening the PR. In this case though the bot opens the PR, so I think it makes sense.