Skip to content
Latchkey

GitHub Actions "deployment status write denied"

Updating a deployment status (in_progress, success, failure) via the API requires deployments: write. Without it the status update is rejected, which can leave a deployment stuck in pending. This is a permission gap.

What this error means

A step that posts a deployment status fails with a 403 resource-not-accessible error, and the deployment never reflects its final state.

github-actions
Error: Resource not accessible by integration
POST /repos/owner/repo/deployments/123/statuses -> 403

Common causes

Missing deployments: write

The job token cannot write deployment statuses without the deployments scope.

Top-level permissions strip deployments

A restrictive top-level permissions block removes the deployments scope from the job.

How to fix it

Grant deployments: write

  1. Add deployments: write to the job permissions.
  2. Confirm no top-level permissions block removes it.
  3. Re-run; the status update now succeeds.
.github/workflows/deploy.yml
  deploy:
    permissions:
      deployments: write
      contents: read

How to prevent it

  • Grant deployments: write on jobs that post deployment statuses.
  • Audit top-level permissions so they do not silently strip deployments.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →