Skip to content
Latchkey

GitHub Actions "Resource not accessible" Creating a Deployment Status

A step that creates a deployment or updates a deployment status fails because the workflow GITHUB_TOKEN does not have the deployments: write scope, which is not granted by default under restricted permissions.

What this error means

A call to the deployments API (directly, via github-script, or an action) returns "Resource not accessible by integration" while other steps succeed.

Actions log
RequestError [HttpError]: Resource not accessible by integration
  status: 403
  POST /repos/org/repo/deployments

Common causes

Missing deployments: write permission

When the workflow uses restricted default permissions, deployments: write must be granted explicitly for the token to create deployments or statuses.

Default read-only token

Repos with read-only default workflow permissions give the token no write scopes at all, so any deployment write is denied until you opt in.

How to fix it

Grant deployments: write

.github/workflows/deploy.yml
permissions:
  contents: read
  deployments: write
jobs:
  deploy:
    runs-on: ubuntu-latest

Scope permissions to the job that needs them

  1. Declare permissions at the job level so only the deploy job gets write scope.
  2. Keep all other scopes at read or none to follow least privilege.
  3. If using the Deployments/Environments UI, ensure the environment also allows the branch.

How to prevent it

  • Grant deployments: write only on jobs that write deployments.
  • Default the rest of the permissions block to read.
  • Pair deployment writes with an environment for visibility and gating.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →