You must authenticate via a GitHub App

[Mykullski]

Action Step

- name: Publish Test Results Summary
  uses: EnricoMi/[email protected]
  with:
    github_token: ${{ secrets.TOKEN }}
    action_fail: true
    files: |
      testresults/**/*.trx

Action Result

2024-10-23 22:44:50 +0000 - publish - INFO - Available memory to read files: 29.0 GiB
2024-10-23 22:44:50 +0000 - publish - INFO - Reading files testresults/**/*.trx (1 file, 3.1 KiB)
2024-10-23 22:44:50 +0000 - publish - INFO - Detected 1 TRX file (3.1 KiB)
2024-10-23 22:44:50 +0000 - publish - INFO - Finished reading 1 files in 0.01 seconds
2024-10-23 22:44:50 +0000 - publish - INFO - Publishing success results for commit 4dd853374c06958f6aea292d17b415b3e1d0438c
Request POST /repos/ORG/REPO/check-runs failed with 403: Forbidden
2024-10-23 22:44:51 +0000 - github.GithubRetry - INFO - Request POST /repos/ORG/REPO/check-runs failed with 403: Forbidden
Traceback (most recent call last):
File "/action/publish_test_results.py", line 546, in
main(settings, gha)
File "/action/publish_test_results.py", line 269, in main
Publisher(settings, gh, gha).publish(stats, results.case_results, conclusion)
File "/action/publish/publisher.py", line 233, in publish
data = self.publish_check(data)
File "/action/publish/publisher.py", line 461, in publish_check
check_run = self._repo.create_check_run(name=self._settings.check_name,
File "/usr/local/lib/python3.8/site-packages/github/Repository.py", line 3793, in create_check_run
headers, data = self._requester.requestJsonAndCheck(
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 537, in requestJsonAndCheck
return self.__check(*self.requestJson(verb, url, parameters, headers, input, self.__customConnection(url)))
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 702, in requestJson
return self.__requestEncode(cnx, verb, url, parameters, headers, input, encode)
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 799, in __requestEncode
status, responseHeaders, output = self.__requestRaw(cnx, verb, url, requestHeaders, encoded_input)
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 833, in __requestRaw
response = cnx.getresponse()
File "/usr/local/lib/python3.8/site-packages/github/Requester.py", line 195, in getresponse
r = verb(
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 637, in post
return self.request("POST", url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 667, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 934, in urlopen
retries = retries.increment(method, url, response=response, _pool=self)
File "/usr/local/lib/python3.8/site-packages/github/GithubRetry.py", line 183, in increment
raise Requester.createException(response.status, response.headers, content) # type: ignore
github.GithubException.GithubException: 403 {"message": "You must authenticate via a GitHub App.", "documentation_url": "https://docs.github.com/rest/checks/runs#create-a-check-run", "status": "403"}

Notes

${{ secrets.TOKEN }} has full access and is created using the Personal access tokens (classic)
also tried it with a full access Fine-grained personal access tokens and no luck

[EnricoMi]

This action does not work with a PAT, it requires a Github App token.

Github Actions provide you a token via secrets.GITHUB_TOKEN (or simply don't provide a github_token option).

If you really have to povide a token other than secrets.GITHUB_TOKEN, you have to go through the process of creating a Github App.