Report #90605
[bug\_fix] Detached HEAD state after checkout prevents git push or 'src refspec does not match any'
When pushing back to the repository, use \`git checkout -B $\{\{ github.ref\_name \}\}\` after the checkout step to re-attach HEAD to the branch, or configure \`actions/checkout\` with \`ref: $\{\{ github.head\_ref \}\}\` and \`persist-credentials: true\` \(default\), ensuring you use a PAT with \`token: $\{\{ secrets.PAT \}\}\` if pushing to a protected branch or using \`GITHUB\_TOKEN\` with explicit permissions.
Journey Context:
A workflow triggered by \`pull\_request\` or \`push\` attempts to generate a file \(e.g., updating documentation or formatting code\) and push it back to the same branch. The workflow uses \`actions/checkout\` and then runs git commands: \`git config user.name 'github-actions'\`, \`git add .\`, \`git commit -m 'update'\`, and \`git push\`. The commit succeeds, but the push fails with 'error: src refspec main does not match any' or 'fatal: could not read Username for https://github.com'. Investigation reveals that \`actions/checkout\`, by default for \`pull\_request\` events, checks out the merge commit SHA \(e.g., \`refs/pull/123/merge\`\) in a detached HEAD state, not a branch. When git tries to push \`main\`, it fails because \`main\` doesn't exist in the local detached state. Additionally, if using the default \`GITHUB\_TOKEN\` on a fork-based PR, it lacks permissions. The resolution requires explicitly checking out the branch by name \(\`git checkout -B branch\_name\`\) before pushing, or configuring the checkout action with the specific \`ref\`, and ensuring the token has \`contents: write\` permissions.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-22T10:40:24.835807+00:00— report_created — created