`gh pr edit` does not work with only `pull-requests: write` permissions

[nzig]

Describe the bug

I have a GitHub actions that runs gh pr edit using the GITHUB_TOKEN created automatically for the job.

When I added

permissions:
  pull-requests: write

to the workflow definition I started to get

GraphQL: Resource not accessible by integration (repository.pullRequest.projectCards.nodes)

I think it is because of this line:

cli/pkg/cmd/pr/edit/edit.go

Line 169 in 0ecd424

editable.Projects.Default = pr.ProjectCards.ProjectNames()

where the CLI tries to get the project names, but this requires the repository-projects: read permission.

Adding repository-projects: read fixes the problem, but this took me a while to figure out and should be fixed IMO, since edits to a PR that don't involve projects shouldn't require that permission.

I am using the latest CLI version as intalled in the ubuntu-latest GitHub Actions image.

Steps to reproduce the behavior

1. Create a workflow with only pull-requests: write permissions
2. Create a step that runs gh pr edit ...
3. See error

Expected vs actual behavior

The gh pr edit command should succeed without additional permissions.

[mislav]

Thank you for reporting! Fully agreed with your assessment of the bug.

Semi-related: #4631 #4876

[scottdickerson]

The workaround that @nzig came up with worked well until today:

permissions:
  packages: write # needed for push of package
  contents: write # needed for push of tags
  pull-requests: read # needed to view the PR for the slack
  repository-projects: read # needed for view the PR for the slack https://github.com/cli/cli/issues/6274

However, it seems to be newly broken again today:

GraphQL: Resource not accessible by integration (repository.pullRequest.statusCheckRollup.nodes.0.commit.statusCheckRollup)

[Bikram-DoorDash]

I added gh pr edit to my script today and got the Resource not accessible by integration error. Stumbled onto this page on Googling. It's been ~1 year since this issue was opened. :( Hope this gets some traction soon.

[danielkimuipath]

Im having this issue as well - anyone got it working with GitHub App ? is there any particular permission needs to be added besides PullRequest (read and write) and repository(read and write)?

[jenseng]

However, it seems to be newly broken again today:
GraphQL: Resource not accessible by integration (repository.pullRequest.statusCheckRollup.nodes.0.commit.statusCheckRollup)

I ran into this error when using gh pr list ..., and was able to resolve it by adding statuses and checks permissions to my job, e.g.

permissions:
  pull-requests: read
  statuses: read
  checks: read
  # you might need even more permissions, depending on what you're doing 😄