github 帖子 /repos/{owner}/{repo}/actions/runners/registration-token API 上的“资源无法通过集成访问”

我正在从我的 github 工作流程（操作）发出一个 curl 发布请求，以获取自托管运行器的注册令牌，但我收到以下响应：

{
  "message": "Resource not accessible by integration",
  "documentation_url": "https://docs.github.com/rest/reference/actions#create-a-registration-token-for-a-repository"
}

下面是我的 github 工作流程的精简版本：

name: get-token

"on":
  push: { branches: ["token"] }

jobs:
  
  print-token:
    name: print-token
    environment: dev
    # needs: pre-pkr
    runs-on: ubuntu-latest

    steps:
      - name: Check out code
        uses: actions/checkout@v2

      - name: Get registration token
        id: getRegToken
        run: |
          curl -X POST -H \"Accept: application/vnd.github.v3+json\"  -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token

最终我想将此令牌传递给我使用 packer build 命令创建的 ami（下一步）。我也尝试使用加壳器的 shell 配置程序执行上述curl 请求，但响应相同。 无法弄清楚我是否必须允许来自 github ui 的某些权限？或者还有什么办法可以做到这一点？ 提前致谢。

尝试添加permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs到你的工作：

name: get-token

"on":
  push: { branches: ["token"] }

jobs:
  
  print-token:
    permissions: write-all
    name: print-token
    environment: dev
    # needs: pre-pkr
    runs-on: ubuntu-latest

    steps:
      - name: Check out code
        uses: actions/checkout@v2

      - name: Get registration token
        id: getRegToken
        run: |
          curl -X POST -H \"Accept: application/vnd.github.v3+json\"  -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token

这应该告诉您这是否是问题所在，然后您可以找出您缺少的权限并在更多中正确配置它们details https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions.

正如评论和其他答案所提到的，您可以通过多种方式配置权限：

• 使用PAT（个人访问令牌 https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
• 覆盖工作流文件本身的权限，如上面的代码片段所示
• 在操作设置中配置权限

第三个选项可以在几个不同的级别上完成：

• server https://docs.github.com/en/enterprise-server@3.3/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise
• 组织 https://docs.github.com/en/enterprise-server@3.3/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization
• 存储库 https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository

您可以找到默认权限的详细信息here https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token.