4

I’ve created a GitHub app and installed it in my account, giving it access to a private repository in my account. The GitHub app has read permission to metadata. I then generated a JWT and used it to create an installation access token, following the steps here. I tried using this token to search for keywords in the above private repository using the GitHub search API as follows:

https://api.github.com/search/code?q=abc+in:file+repo:username/private-repo

However, this returns the following response.

{
    "message": "Validation Failed",
    "errors": [
        {
            "message": "The listed users and repositories cannot be searched either because the resources do not exist or you do not have permission to view them.",
            "resource": "Search",
            "field": "q",
            "code": "invalid"
        }
    ],
    "documentation_url": "https://docs.github.com/v3/search/"
}

I tried using this access token to fetch the repositories for this GitHub app installation and that returned the private repo successfully in the response. I assume this means that the installation has access to the private repo and the token works as expected. API used: https://api.github.com/installation/repositories.

Why does the search fail then?

zane
  • 107
  • 1
  • 11

2 Answers2

1

Raised a ticket with GitHub support. Their response:

The query failed because the GitHub App does not have permission to read the content of the private repository. The Metadata read permission will allow you to search for repositories but does not have sufficient scope to read the content of the repository(private).

The docs list the search API under Metadata, but it should be under Content permissions. Granting Content read permissions to the GitHub app solved the issue.

zane
  • 107
  • 1
  • 11
1

In my case the problem was the value of the "q" field. When I dropped the +repo argument I was able to search code just fine. I'm still not sure why the +repo did not work (it worked fine on the command line) but it turns out I didn't need it anyways since the repos were constrained to where the app was installed and I could also filter the results if needed.

Schof
  • 123
  • 2
  • 3
  • I had the same problem when I included the repo, but when I chose to *NOT* URL encode the query string, the repo param started working. This worked for me: `https://api.github.com/search/commits?q=hash:THE_FULL_HASH+repo:ORG-NAME/REPO-NAME` Even though I specify hash, I included the repo because I assume GH might search faster if I include it. Notes: [1] I had no GH App involved. Was just searching a repo directly. [2] I didn't try with a 7 character hash. Maybe that works, too. [3] I was using a GitHub PAT with perms to read the repo – mountHouli Aug 04 '23 at 00:07