Skip to content
Latchkey

GitHub Actions "pushing to protected branch with GITHUB_TOKEN"

Branch protection rules (required reviews, status checks, or restricted push) block GITHUB_TOKEN from pushing directly to the protected branch. This is policy, not a flake; you must change the push target or the protection rules.

What this error means

A step that commits and pushes to a protected branch is rejected by the remote with a protected-branch error.

github-actions
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: Required status checks must pass before merging.
! [remote rejected] main -> main (protected branch hook declined)

Common causes

Branch protection blocks direct push

The protected branch requires PRs or passing checks, so a direct push from the workflow is declined.

GITHUB_TOKEN not in the bypass list

Push restrictions limit who may push, and the Actions token is not allowed.

How to fix it

Open a PR instead of pushing directly

  1. Push to a feature branch and open a pull request rather than pushing to the protected branch.
  2. Or allow the relevant actor in the branch protection push restrictions if direct automation pushes are intended.
  3. For automated PRs, use a dedicated action that creates a branch and PR.
.github/workflows/auto-pr.yml
- uses: peter-evans/create-pull-request@v6
  with:
    branch: chore/auto-update
    title: Automated update
    commit-message: Automated update

How to prevent it

  • Route automated changes through PRs rather than direct pushes to protected branches.
  • Configure protection-rule bypass deliberately only where direct automation is required.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →