Skip to content
Latchkey

GitHub Actions 403 while pushing with GITHUB_TOKEN

A git push backed by the GITHUB_TOKEN returned 403. The token is read-only for this run or the run came from a fork. Retrying will not grant access.

What this error means

The push fails with "The requested URL returned error: 403" using the workflow token.

github-actions
fatal: unable to access 'https://github.com/octo/repo/': The requested URL returned error: 403

Common causes

Read-only token

The default or org-set token permission is read-only, so pushes are denied.

Fork pull_request run

Workflows from forks get a read-only token for security, so they cannot push to the base repo.

How to fix it

Grant write or change the trigger

  1. Add permissions: contents: write for same-repo runs.
  2. For fork contributions, do not attempt to push with the fork token.
.github/workflows/ci.yml
permissions:
  contents: write

How to prevent it

  • Avoid pushing from workflows triggered by fork pull_request events.
  • Set explicit contents permission where a push is intended.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →