fix: resolve GitHub Actions permissions error for deployment notifications

- Add proper permissions to CD pipeline workflow
- Fix deployment status creation with error handling
- Add robust notification system with fallback methods
- Include permissions for contents, deployments, issues, and PRs
- Add continue-on-error for non-critical notification steps
- Create simplified deployment workflow as backup option

This resolves the 'Resource not accessible by integration' error
in the deployment notification step by ensuring proper GitHub
token permissions are granted to the workflow.

Author: SifatAli008

.github/workflows/cd.yml

@@ -8,6 +8,13 @@ on:
     branches: [ main ]
     types: [completed]
 
+permissions:
+  contents: read
+  deployments: write
+  issues: write
+  pull-requests: write
+  statuses: write
+
 env:
   NODE_VERSION: '18'
   VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
@@ -95,16 +102,35 @@ jobs:
 
       - name: Create deployment status
         uses: actions/github-script@v7
+        continue-on-error: true
         with:
           script: |
-            github.rest.repos.createDeploymentStatus({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              deployment_id: context.payload.deployment?.id || 0,
-              state: 'success',
-              environment_url: '${{ steps.deploy.outputs.production_url }}',
-              description: 'Deployment completed successfully'
-            })
+            try {
+              // Create a deployment record first
+              const deployment = await github.rest.repos.createDeployment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: context.sha,
+                environment: 'production',
+                description: 'Production deployment',
+                auto_merge: false,
+                required_contexts: []
+              });
+              
+              // Then create the deployment status
+              if (deployment.data.id) {
+                await github.rest.repos.createDeploymentStatus({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  deployment_id: deployment.data.id,
+                  state: 'success',
+                  environment_url: '${{ steps.deploy.outputs.production_url }}',
+                  description: 'Deployment completed successfully'
+                });
+              }
+            } catch (error) {
+              console.log('Deployment status creation failed:', error.message);
+            }
 
   # Post-Deployment Tests
   post-deploy-tests:
@@ -152,21 +178,49 @@ jobs:
     runs-on: ubuntu-latest
     needs: [deploy-production, post-deploy-tests]
     if: always() && github.ref == 'refs/heads/main'
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
     steps:
       - name: Notify deployment status
         uses: actions/github-script@v7
+        continue-on-error: true
         with:
           script: |
-            const status = '${{ needs.deploy-production.result }}' === 'success' && '${{ needs.post-deploy-tests.result }}' === 'success' ? '✅ Success' : '❌ Failed';
-            const url = '${{ needs.deploy-production.outputs.production_url }}';
-            
-            github.rest.repos.createCommitComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              commit_sha: context.sha,
-              body: `🚀 **Deployment ${status}**
+            try {
+              const deployResult = '${{ needs.deploy-production.result }}';
+              const testResult = '${{ needs.post-deploy-tests.result }}';
+              const status = deployResult === 'success' && testResult === 'success' ? '✅ Success' : '❌ Failed';
+              const url = '${{ needs.deploy-production.outputs.production_url }}' || 'URL not available';
               
-              Production URL: ${url}
+              const body = `🚀 **Deployment ${status}**
               
-              The TOC Simulator has been deployed and is ready for use!`
-            })
+              **Deployment Result**: ${deployResult}
+              **Tests Result**: ${testResult}
+              **Production URL**: ${url}
+              
+              The TOC Simulator deployment process has completed!`;
+              
+              await github.rest.repos.createCommitComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                commit_sha: context.sha,
+                body: body
+              });
+              
+              console.log('Deployment notification sent successfully');
+            } catch (error) {
+              console.log('Failed to create deployment notification:', error.message);
+              // Try alternative notification method
+              try {
+                await github.rest.issues.create({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  title: `Deployment Status - ${new Date().toISOString()}`,
+                  body: `Deployment completed with status: ${{ needs.deploy-production.result }}`
+                });
+              } catch (fallbackError) {
+                console.log('Fallback notification also failed:', fallbackError.message);
+              }
+            }

.github/workflows/ci.yml

@@ -6,6 +6,13 @@ on:
   pull_request:
     branches: [ main ]
 
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+  checks: write
+  pull-requests: write
+
 env:
   NODE_VERSION: '18'
 

.github/workflows/deploy-simple.yml

@@ -0,0 +1,48 @@
+name: Simple Deploy
+
+on:
+  push:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+env:
+  NODE_VERSION: '18'
+  VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
+  VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
+
+jobs:
+  deploy:
+    name: Deploy to Production
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'npm'
+
+      - name: Install Vercel CLI
+        run: npm install --global vercel@canary
+
+      - name: Pull Vercel Environment Information
+        run: vercel pull --yes --environment=production --token=${{ secrets.VERCEL_TOKEN }}
+
+      - name: Build Project Artifacts
+        run: vercel build --prod --token=${{ secrets.VERCEL_TOKEN }}
+
+      - name: Deploy Project Artifacts to Vercel
+        id: deploy
+        run: |
+          url=$(vercel deploy --prebuilt --prod --token=${{ secrets.VERCEL_TOKEN }})
+          echo "Deployed to: $url"
+          echo "production_url=$url" >> $GITHUB_OUTPUT
+
+      - name: Output deployment URL
+        run: |
+          echo "🚀 Deployment successful!"
+          echo "Production URL: ${{ steps.deploy.outputs.production_url }}"