Skip to content
Latchkey

GitHub Actions GITHUB_TOKEN "cannot access another repository"

The automatic GITHUB_TOKEN is scoped to the repository running the workflow. Any call targeting a different repo (clone, dispatch, API write) returns 403/404 because the token has no rights outside its own repo.

What this error means

A step touching a second repository fails with not found or resource not accessible while same-repo calls work.

github-actions
RequestError [HttpError]: Not Found
The GITHUB_TOKEN is scoped to this repository and cannot access another repository.
    status: 404

Common causes

Cross-repo access with GITHUB_TOKEN

GITHUB_TOKEN permissions do not extend beyond the workflow repository by design.

How to fix it

Use a dedicated credential for the other repo

  1. Create a GitHub App installation token or a fine-grained PAT with access to the target repo.
  2. Store it as a secret and pass it to the cross-repo step instead of GITHUB_TOKEN.
.github/workflows/sync.yml
- uses: actions/checkout@v4
  with:
    repository: org/other-repo
    token: ${{ secrets.CROSS_REPO_TOKEN }}

How to prevent it

  • Reserve GITHUB_TOKEN for same-repo operations.
  • Use a least-privilege App token for cross-repo automation.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →