Skip to content
Latchkey

GitHub Actions peter-evans/create-pull-request 403 / Cannot Create PR

peter-evans/create-pull-request cannot push its branch or open the PR because the token lacks write scope, or because the org/repo setting that lets Actions create PRs is turned off.

What this error means

The action fails with a 403 when pushing the branch or calling the PRs API, or it pushes but errors that GitHub Actions is not allowed to create pull requests.

Actions log
Error: GitHub Actions is not permitted to create or approve pull requests.
# or
remote: Permission to org/repo.git denied to github-actions[bot]. (403)

Common causes

Missing write permissions

The job token needs contents: write to push the branch and pull-requests: write to open the PR. With the default read-only token, both fail.

Org/repo setting blocks Actions PRs

Even with permissions, the "Allow GitHub Actions to create and approve pull requests" setting must be enabled, or GitHub rejects the PR creation outright.

How to fix it

Grant write permissions to the job

.github/workflows/ci.yml
permissions:
  contents: write
  pull-requests: write
jobs:
  pr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: peter-evans/create-pull-request@v6

Enable the Actions-PR setting or use a PAT

  1. In Settings > Actions > General, enable "Allow GitHub Actions to create and approve pull requests".
  2. For cross-repo or workflow-file changes, pass a PAT (or GitHub App token) via the token input.
  3. Confirm the token has the workflow scope if the PR edits files under .github/workflows.

How to prevent it

  • Declare contents: write and pull-requests: write for PR-creating jobs.
  • Enable the org/repo setting that permits Actions to create PRs.
  • Use a GitHub App token when the default token cannot reach the target.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →