GitHub Actions 403 while pushing with GITHUB_TOKEN
A git push backed by the GITHUB_TOKEN returned 403. The token is read-only for this run or the run came from a fork. Retrying will not grant access.
What this error means
The push fails with "The requested URL returned error: 403" using the workflow token.
github-actions
fatal: unable to access 'https://github.com/octo/repo/': The requested URL returned error: 403Common causes
Read-only token
The default or org-set token permission is read-only, so pushes are denied.
Fork pull_request run
Workflows from forks get a read-only token for security, so they cannot push to the base repo.
How to fix it
Grant write or change the trigger
- Add permissions: contents: write for same-repo runs.
- For fork contributions, do not attempt to push with the fork token.
.github/workflows/ci.yml
permissions:
contents: writeHow to prevent it
- Avoid pushing from workflows triggered by fork pull_request events.
- Set explicit contents permission where a push is intended.
Related guides
GitHub Actions "Permission to X denied to github-actions[bot]"Fix the GitHub Actions error where a push is denied to github-actions[bot] because the GITHUB_TOKEN lacks con…
GitHub Actions secret not available to fork pull_requestFix the GitHub Actions issue where secrets are empty for workflows triggered by pull_request from a fork, by…
GitHub Actions default GITHUB_TOKEN permissions cause a 403Fix the GitHub Actions 403 caused by the repository or org default GITHUB_TOKEN being read-only, so write API…