GitHub Community
Permission denied to github-actions[bot] even though PAT has permission #26694
-
|
Hey all, I have an action where I am trying to push a change to the same repo. I am authenticating via personal access token (PAT). For some reason on this repo, the action fails with: I added some debugging to show the authentication state of the PAT. Also Meanwhile, on other repos, I have been able use the same code just fine. I previously had provided the same PAT to both repos, but I have also tried creating a new PAT and adding to the affected repo with no change in behavior. I am guessing there must be something different about this repo that prevents access, but I’m not sure what it could be. I can’t find any difference in the settings. Has anyone encountered this or have ideas on what to check? Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments 2 replies
-
|
I notice you don’t set the token in I assume either that’s the difference between your repositories, or the one with the issue has a branch branch protection rule that gets in the way. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for pointing that out, this was exactly it! I added: to |
Beta Was this translation helpful? Give feedback.
-
|
nickderobertis:
I can’t be sure, obviously, but the first thing that comes to mind: In the repository settings you can configure whether the GITHUB_TOKEN should have read-write or read-only access. Maybe that’s different between the repositories? |
Beta Was this translation helpful? Give feedback.
-
Ah, yes, that was the underlying reason. I have no idea how this setting got set differently on the repos as I haven’t touched it. But good to know, thanks so much for your help! |
Beta Was this translation helpful? Give feedback.
-
|
Why does there have to be so many links |
Beta Was this translation helpful? Give feedback.
-
|
Check your workflow permission in remote: Permission to git denied to github-actions[bot].Hi, I am trying to push changes but like you will see it fails due to some erro…rs. Test run is here: Error Part of the gh action: dependabot:
#needs: [build]
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- uses: actions/setup-node@v2
with:
node-version: '14'
- uses: actions/checkout@v2
with:
persist-credentials: false
fetch-depth: 0
- run: |
git config user.name github-actions[bot]
git config user.email github-actions[bot]@users.noreply.github.com
npm version patch -m "[RELEASE] %s"
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}
- uses: fastify/github-action-merge-dependabot@v2.1.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
```</span></p>
</div>
</article>
<div class="onebox-metadata">
</div>
<div style="clear: both"></div>
</aside> |
Beta Was this translation helpful? Give feedback.
{{title}}
{{editor}}'s edit
{{editor}}'s edit
-
|
thanks to @yusukekuro, I found this option in the settings of my repo:
But adding |
Beta Was this translation helpful? Give feedback.
-
|
the solution working for me |
Beta Was this translation helpful? Give feedback.
-
|
Yes, adding only the permission information to the deploy.yml helped |
Beta Was this translation helpful? Give feedback.
I notice you don’t set the token in
actions/checkout, and don’t opt-out of configuring theAuthorizationheader with it either. The result is that your PAT is effectively ignored, the push works if the defaultGITHUB_TOKENis allowed to push.I assume either that’s the difference between your repositories, or the one with the issue has a branch branch protection rule that gets in the way.