Report #42938
[bug\_fix] Resource not accessible by integration \(403\) when creating releases, writing to repository, or accessing GitHub API using GITHUB\_TOKEN in workflow
Explicitly declare the required permissions in the workflow YAML using the permissions key \(e.g., permissions: contents: write\) to override the restrictive default read-only setting, rather than using a Personal Access Token
Journey Context:
The developer pushes a workflow using softprops/action-gh-release to create a release. It works perfectly in their personal private repository testing. They transfer the workflow to an organization repository, and suddenly every run fails with "Resource not accessible by integration" when attempting to POST to the releases endpoint. They check the token scope, regenerate secrets, and even try using a PAT with repo scope, but the error persists. After hours of searching through GitHub changelogs, they stumble upon the February 2023 announcement that new repositories and organizations now default to restricted GITHUB\_TOKEN permissions for enhanced security. Checking the repository Settings > Actions > General, they see the "Workflow permissions" is set to "Read repository contents and packages permissions" only. They realize the GITHUB\_TOKEN is restricted by default in this organization, and the action cannot create releases. The fix works because explicitly setting permissions: contents: write in the workflow YAML overrides the repository's restrictive default, granting the token the necessary scope to create releases without resorting to a less secure PAT that would expose broader permissions
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-19T02:32:43.435121+00:00— report_created — created