How to run graphql-inspector on dependabot pull requests with limited access?

[thomastvedt]

Hi, I have dependabot enabled which opens Pull Requests with updated Nuget package Company.Model.dll which is used in my GraphQL schema. I want to run graphql-inspector when dependabot opens these pull requests, but I get the following error message:

Run kamilkisiela/[email protected]
  with:
    name: Validate GraphQL schema
    schema: main:schema.graphql
    fail-on-breaking: true
    github-token: ***

GraphQL Inspector started
Ref: 502e3dd0e21[4](https://github.com/xxx?check_suite_focus=true#step:10:4)**removed**
Commit SHA: 143e[8](https://github.com/**removed**)
Creating a check named "Validate GraphQL schema"
Error: Resource not accessible by integration

The action runs with the following permissions when triggered by dependabot:

GITHUB_TOKEN Permissions
  Actions: read
  Checks: read
  Contents: read
  Deployments: read
  Discussions: read
  Issues: read
  Metadata: read
  Packages: read
  Pages: read
  PullRequests: read
  RepositoryProjects: read
  SecurityEvents: read
  Statuses: read

Any idea how I can get this to work? 😅

[severin]

I'm running into this as well. It would be great to know which permissions the Action requires.

I'm guessing it's maybe write permission for checks or statuses or issues or pull-requests?

[thomastvedt]

Here is one way to skip stuff for dependabot:

jobs:
  add_preview:
    if: github.actor != 'dependabot[bot]'

I can't remember if we figured out which permissions it requires, we ended up using another package agu-z/gql-diff-action@v2.