
GitHub Actions Workflow Permissions

Issue: "GitHub Actions is not permitted to create or approve pull requests"

If you see this error, it means the repository settings need to be configured to allow GitHub Actions to create pull requests.

Solution

Step 1: Check Repository Settings

  1. Go to your repository on GitHub
  2. Click Settings (top menu)
  3. Go to Actions → General
  4. Scroll down to Workflow permissions
  5. Select one of these options:

Option A: Read and write permissions (Recommended)

    • Select: "Read and write permissions"
    • ✅ Check: "Allow GitHub Actions to create and approve pull requests"
    • Click Save

Option B: Read repository contents and packages permissions

    • Select: "Read repository contents and packages permissions"
    • ✅ Check: "Allow GitHub Actions to create and approve pull requests"
    • Click Save

Step 2: Verify Workflow Permissions

The workflow file should have these permissions:

permissions:
  contents: write
  pull-requests: write
  issues: write

This is already configured in .github/workflows/discover-versions.yml.

Step 3: Verify GITHUB_TOKEN

The workflow uses ${{ secrets.GITHUB_TOKEN }} which is automatically provided by GitHub Actions. This token has the permissions specified in the workflow file.

Alternative: Use Personal Access Token

If repository settings can't be changed, you can use a Personal Access Token (PAT):

  1. Create a PAT:
    • Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
    • Click "Generate new token (classic)"
    • Give it a name (e.g., "TSI Workflow PR")
    • Select scopes:
      • repo (full control of private repositories)
      • workflow (update GitHub Action workflows)
    • Click "Generate token"
    • Copy the token (you won't see it again!)

  2. Add as Secret:
    • Go to repository → Settings → Secrets and variables → Actions
    • Click "New repository secret"
    • Name: WORKFLOW_TOKEN
    • Value: Paste your PAT
    • Click "Add secret"

  3. Update Workflow: Change the workflow to use the PAT:

    - name: Create Pull Request
      uses: peter-evans/create-pull-request@v6
      with:
        token: ${{ secrets.WORKFLOW_TOKEN }}  # Changed from GITHUB_TOKEN
    

Verification

After making these changes:

  1. Re-run the workflow:
    • Go to Actions tab
    • Find the failed workflow run
    • Click "Re-run all jobs"

  2. Check the logs:
    • The workflow should now successfully create pull requests
    • Look for "Created pull request" in the logs

Troubleshooting

Still Getting Permission Errors?

  1. Check if you're the repository owner/admin:
    • Only owners and admins can change workflow permissions
    • If you're not, ask a repository admin to make the change

  2. Check organization settings (if repository is in an organization):
    • Organization settings may override repository settings
    • Go to Organization → Settings → Actions → General
    • Check workflow permissions settings

  3. Verify the workflow file:
    • Make sure permissions are correctly set
    • Check that pull-requests: write is included

  4. Check branch protection rules:
    • Some branches may have protection rules that prevent PR creation
    • The workflow creates PRs to main by default
    • Ensure the target branch allows PRs from workflows
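
The settings checks above can be scripted instead of clicked through. The following is an added example, not part of the original page or the project's code: it evaluates JSON saved from the GitHub REST endpoints `GET /repos/{owner}/{repo}/actions/permissions/workflow` and `GET /orgs/{org}/actions/permissions/workflow` together with the workflow's permissions block. The function name, finding strings and sample responses are constructed for illustration.

```python
import json

# Scopes the page's workflow declares in its permissions block.
REQUIRED = {"contents": "write", "pull-requests": "write", "issues": "write"}
CHECKBOX = "'Allow GitHub Actions to create and approve pull requests' is off"

def diagnose(repo_json, workflow_permissions, org_json=None):
    """Return findings that block PR creation; an empty list means none found.

    workflow_permissions is the workflow's permissions block as a dict,
    or None when the workflow file has no such block.
    """
    repo = json.loads(repo_json)
    findings = []
    # Organization policy first: it may override the repository setting.
    if org_json is not None:
        if not json.loads(org_json).get("can_approve_pull_request_reviews", False):
            findings.append("org: " + CHECKBOX)
    if not repo.get("can_approve_pull_request_reviews", False):
        findings.append("repo: " + CHECKBOX)
    # Without an explicit block the token gets the repository default, and
    # only the "write" default grants the write scopes the workflow needs.
    if workflow_permissions is None:
        is_write = repo.get("default_workflow_permissions") == "write"
        granted = dict.fromkeys(REQUIRED, "write") if is_write else {}
    else:
        granted = workflow_permissions
    for scope in REQUIRED:
        if granted.get(scope) != "write":
            findings.append(f"workflow: token lacks '{scope}: write'")
    return findings

# Constructed sample responses (not captured from a real repository).
REPO_OPTION_B = '{"default_workflow_permissions": "read", "can_approve_pull_request_reviews": true}'
REPO_UNCHECKED = '{"default_workflow_permissions": "write", "can_approve_pull_request_reviews": false}'
ORG_UNCHECKED = '{"default_workflow_permissions": "read", "can_approve_pull_request_reviews": false}'

if __name__ == "__main__":
    cases = {
        "Option B + explicit block": (REPO_OPTION_B, REQUIRED, None),
        "checkbox off in repo": (REPO_UNCHECKED, REQUIRED, None),
        "checkbox off in org": (REPO_OPTION_B, REQUIRED, ORG_UNCHECKED),
        "Option B, no block": (REPO_OPTION_B, None, None),
    }
    for name, (repo, perms, org) in cases.items():
        print(name, "->", diagnose(repo, perms, org) or "no blocking setting found")
```

The first case shows that Option B is enough when the workflow declares its own permissions block, since the explicit block replaces the repository default.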

See Also