Skip to content
Latchkey

GitHub Actions github-script "HttpError: Resource not accessible by integration"

github-script uses GITHUB_TOKEN, whose scopes are governed by the workflow/job permissions block. A script that writes issues, PRs, or contents fails with 403 unless those scopes are granted.

What this error means

An actions/github-script step throws "HttpError: Resource not accessible by integration" (403) when calling a write API, while read calls succeed.

github-actions
HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/actions/github-script/v7/dist/index.js

Common causes

Missing permission scope

The workflow/job permissions block does not grant the scope (issues: write, pull-requests: write, contents: write) the script needs.

Default token restricted org-wide

Org policy set the default GITHUB_TOKEN to read-only, so writes require an explicit permissions grant.

How to fix it

Grant the required permission scopes

  1. Add a permissions: block with the exact write scopes the script uses.
  2. Place it at job or workflow level as appropriate.
  3. For cross-repo writes, pass a PAT/App token instead.
.github/workflows/ci.yml
permissions:
  issues: write
  pull-requests: write
steps:
  - uses: actions/github-script@v7
    with:
      script: |
        await github.rest.issues.createComment({ owner, repo, issue_number, body: 'hi' });

How to prevent it

  • Grant least-privilege permissions matching the script's API calls.
  • Account for org-default read-only token policies.
  • Use a dedicated token for cross-repo writes.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →