Skip to content
Latchkey

GitHub Actions actions/github-script Fails - await, return, and require

A step using actions/github-script throws because the inline script has a bug - a missing await on an async call, a reference to something the script does not provide, or an HttpError bubbling up from the API request itself.

What this error means

The github-script step fails with a JavaScript error (ReferenceError, TypeError) or an UnhandledPromiseRejection, or it surfaces an HttpError from an octokit call that returned a non-2xx status.

Actions log
RequestError [HttpError]: Resource not accessible by integration
    at .../github-script/dist/index.js
# or
ReferenceError: octokit is not defined  (use github, not octokit)

Common causes

Wrong helper names or missing await

github-script injects github (the octokit client), context, core, and others. Using octokit, or calling an async method without await, throws or leaves a rejected promise.

API call fails (HttpError)

A request that the token cannot make, or a 404/422 from bad parameters, throws an HttpError from inside the script - the script is fine but the API rejected the call.

How to fix it

Use the injected helpers and await calls

Reference github/context/core, and await every API call so rejections surface cleanly.

.github/workflows/ci.yml
- uses: actions/github-script@v7
  with:
    script: |
      const { data } = await github.rest.issues.createComment({
        ...context.repo,
        issue_number: context.issue.number,
        body: 'Hello',
      });
      core.info(`Created comment ${data.id}`);

Fix the underlying API failure

  1. For "Resource not accessible by integration", grant the needed permissions: block (e.g. issues: write).
  2. For a 404/422, check the parameters (repo, issue_number, ref) are correct.
  3. Wrap calls in try/catch and core.setFailed(e.message) to get a clear failure message.

How to prevent it

  • Use the github/context/core helpers github-script provides, not octokit.
  • await every async API call inside the script.
  • Grant the exact permissions the script's API calls require.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →