GitHub Actions softprops/action-gh-release "Resource not accessible by integration"
Creating a GitHub release requires the workflow token to have contents: write. With the default read-only token, softprops/action-gh-release gets a 403 when it tries to create the release or upload assets.
What this error means
An action-gh-release step fails with "Resource not accessible by integration" while creating the release or uploading assets.
github-actions
Error: Resource not accessible by integration
HttpError: Resource not accessible by integration (createRelease)Common causes
Default token is read-only
Repositories with the default read-only GITHUB_TOKEN do not allow release creation without an explicit contents: write grant.
Triggered from a fork
Pull requests from forks get a read-only token regardless of permissions, so release creation is blocked.
How to fix it
Grant contents: write
- Add permissions: contents: write to the job (or workflow).
- Run release jobs on push/tag events, not fork PRs.
- Confirm the tag/ref the release targets exists.
.github/workflows/release.yml
permissions:
contents: write
steps:
- uses: softprops/action-gh-release@v2
with:
files: dist/*How to prevent it
- Set least-privilege permissions explicitly per job.
- Gate release jobs to trusted triggers, not fork PRs.
Related guides
GitHub Actions ncipollo/release-action "tag already exists"Fix ncipollo/release-action failures when a release or tag already exists - without allowUpdates the action e…
GitHub Actions JamesIves/github-pages-deploy-action "permission denied"Fix JamesIves/github-pages-deploy-action permission-denied push errors - the token cannot push to the deploy…
GitHub Actions actions/attest-build-provenance "id-token permission"Fix actions/attest-build-provenance failures - the job lacks id-token: write or attestations: write needed to…