It seems like the permission in this repo cannot be effect by workflow setting.
will figure it out later.

Refer to https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token

Note: Organization owners can prevent you from granting write access to the GITHUB_TOKEN at the repository level.

And here is the log of the action history, the permissions have changed from write to read.

Hi @yuqi1129 , I'm thinking that this issue may not be resolved in repository level.
One of the root cause is the permissions problem, please refer to the previous comment.

Update: It's the restriction on pull requests.

Workflow runs triggered by Dependabot pull requests run as if they are from a forked repository, and therefore use a read-only GITHUB_TOKEN.

Solutions from docs:

1. Use pull_request_target make workflow run base on target repository, which means GITHUB_TOKEN have write permission. But the workflow won't apply the commit change from forked repository.
2. Granting additional permissions

@yijhenlin Would you please guide as on how to do this? I think it worked before, not sure which change makes it fail to work.

@jerryshao
If the repository is private, it has policies to allow pull requests using a GITHUB_TOKEN with write permission.
When the repository becomes public, these policies cannot be used due to security reasons.

Currently, the recommended way is through Github App to generate an authentication token with fine-grained permission and use this token for public repository.

Thanks for the explanation, let me check this.

Hi @jerryshao
I've tried for a while and realize that it's not easy to pass secrets/tokens to a forked repo. (pull_request_target works, but it is too risky compared to the purpose)
So here is a workaround, output the report to workflow summary instead of comment.
WDYT?

@xunliu what's your opinion on it?

@xunliu what's your opinion on it?

I'm fork yijhenlin/jacoco-report@4305a5a to Datastrato org?