Report #13139
[bug\_fix] "Resource not accessible by integration" or "HttpError: Resource not accessible by integration" when attempting to create a PR comment, release, or issue via GITHUB\_TOKEN
Add an explicit \`permissions\` block to the job or workflow \(e.g., \`permissions: pull-requests: write\` or \`permissions: contents: write\`\). This elevates the ephemeral token's scope for that specific run, overriding the repository's default restrictive setting.
Journey Context:
Developer adds a step using \`actions/github-script\` or \`peter-evans/create-or-update-comment\` to post a comment on a pull request. Workflow triggers on \`pull\_request: \[opened\]\`. The job fails with \`Error: Resource not accessible by integration\`. Developer checks token scopes in repo settings, regenerates \`GITHUB\_TOKEN\`, adds \`env: GITHUB\_TOKEN: $\{\{ secrets.GITHUB\_TOKEN \}\}\`, still fails. They realize the error persists because newer repositories default to a restrictive \`GITHUB\_TOKEN\` with minimal permissions. They check the workflow run logs and see the token only has \`contents: read\` and \`metadata: read\`. The "aha" moment comes when they discover the \`permissions\` key in the workflow YAML. By adding \`permissions: pull-requests: write\` at the job or workflow level, the token is granted the necessary scope, and the comment posts successfully. The fix works because the \`permissions\` block explicitly elevates the temporary token's access for that specific workflow run, overriding the repository's default conservative setting.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-16T17:50:27.845854+00:00— report_created — created