Skip to content

✨ Specific error message for branch protection permission failure. #4892

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kash2104 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

✨ Specific error message for branch protection permission failure. #4892

kash2104 wants to merge 1 commit into from

Conversation

@kash2104
Copy link
Contributor

@kash2104 kash2104 commented Dec 24, 2025

What kind of change does this PR introduce?

This PR introduces a code change to provide specific error message when branch protection rule fails due to the use of default GITHUB_TOKEN which doesn't have permission to view branch protection rules.

(Is it a bug fix, feature, docs update, something else?)
feature

What is the current behavior?

When the CI fails because of branch protection rules, it shows generic error message which doesn't give the users an idea of what the actual underlying issue is.

What is the new behavior (if this is a feature change)?**

When error is shown, string matching is done based on which it shows error message specific to the failure of branch protection CI test.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #2946

Special notes for your reviewer

Here strings.Contains() is case-sensitive so need to adjust the substring or the error message string accordingly.

Does this PR introduce a user-facing change?

Yes

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

No change needs to be done from the user side. Users will now see a clear message when instead of generic internal error message when the branch protection check fails due to GITHUB_TOKEN persmission limitations.

@kash2104 kash2104 requested a review from a team as a code owner December 24, 2025 18:59
@kash2104 kash2104 requested review from raghavkaul and spencerschrock and removed request for a team December 24, 2025 18:59
@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Dec 24, 2025
@codecov
Copy link

codecov bot commented Dec 24, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 69.69%. Comparing base (353ed60) to head (db364d5).
⚠️ Report is 303 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4892      +/-   ##
==========================================
+ Coverage   66.80%   69.69%   +2.89%     
==========================================
  Files         230      251      +21     
  Lines       16602    15651     -951     
==========================================
- Hits        11091    10908     -183     
+ Misses       4808     3869     -939     
- Partials      703      874     +171
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

AdamKorcz
AdamKorcz reviewed Dec 26, 2025
View reviewed changes
clients/githubrepo/branches.go Outdated
queryData := new(branchData)
if err := handler.graphClient.Query(handler.ctx, queryData, vars); err != nil {
if strings.Contains(err.Error(), "resource not accessible by integration") {
return nil, sce.WithMessage(sce.ErrScorecardInternal, "Branch protection check failed. Need to use a PAT.")
Copy link
Contributor

@AdamKorcz AdamKorcz Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The message doesn't convey that the token doesn't have permissions. Would be great to make that clearer.

Copy link
Contributor Author

@kash2104 kash2104 Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AdamKorcz Have made the message more clear.

@kash2104
Improve error message for branch protection permission failure.
db364d5 
Signed-off-by: kash2104 <kparikh1104@gmail.com>
@kash2104
Copy link
Contributor Author

kash2104 commented Jan 1, 2026

@AdamKorcz Any more changes required? Would appreciate another review.

@kash2104
Copy link
Contributor Author

kash2104 commented Jan 6, 2026

@spencerschrock Would appreciate a review.

spencerschrock
spencerschrock requested changes Jan 8, 2026
View reviewed changes
clients/githubrepo/branches.go
Comment on lines 321 to 324
// only report permission errors if no ruleset data
if len(handler.ruleSets) == 0 {
return nil, sce.WithMessage(sce.ErrScorecardInternal, classicBranchErrMsg)
}
Copy link
Member

@spencerschrock spencerschrock Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this was already fixed in #4778. I didn't realize there were multiple issues assigned for this issue, so I didn't know to close #2946, sorry!

Unless there's an edge case that's still throwing the errors, I'll plan on closing this out in a day or two

@github-actions
Copy link

github-actions bot commented Jan 19, 2026

This pull request has been marked stale because it has been open for 10 days with no activity

@github-actions github-actions bot added Stale and removed Stale labels Jan 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spencerschrock spencerschrock spencerschrock requested changes

@AdamKorcz AdamKorcz AdamKorcz approved these changes

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

OpenSSF Scorecard
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature: Improve error message when branch protection check fails because of the use of GITHUB_TOKEN

3 participants

@kash2104 @spencerschrock @AdamKorcz