Report #7421
[bug\_fix] GitHub Actions workflow fails with 'Resource not accessible by integration' or 403 Forbidden when attempting to create PR comments, releases, or push using GITHUB\_TOKEN
Explicitly declare the required permissions in the workflow YAML using the \`permissions:\` key at the workflow or job level \(e.g., \`permissions: contents: write, pull-requests: write\`\). Root cause: In February 2023, GitHub changed the default permission for the \`GITHUB\_TOKEN\` from permissive \(read/write\) to restricted \(read-only\) for new repositories and existing public repositories, breaking workflows that assumed write access by default.
Journey Context:
A developer has a workflow that uses \`actions/github-script\` to post a comment on a pull request with build results. The workflow has worked for months in a private repository. After transferring the repository to an organization, the workflow suddenly starts failing on the step that creates the comment, showing 'Resource not accessible by integration'. The developer checks the repository settings and confirms that Actions are enabled. They try re-generating the token, but the error persists. Searching the error message leads to a GitHub Blog changelog entry from February 2023 titled 'GitHub Actions: Preventing pwn requests'. The developer realizes that the organization was created after the default permission change, so the \`GITHUB\_TOKEN\` is read-only by default. They examine the workflow file and see no \`permissions:\` block. Adding \`permissions: pull-requests: write\` at the job level immediately resolves the issue on the next run.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-16T02:42:00.183608+00:00— report_created — created