GitHub Workflow / Action commit to repository returning 403

Question:

I have a GitHub Workflow file where I bump the version of the Python package (setup.py), and afterwards I want to push the changes to the repository the workflow runs in. But I get 403 no access granted back.

  build-package:
    permissions:
      contents: read
      id-token: write
      pull-requests: write
      issues: write
      repository-projects: write
      deployments: write
      packages: write
      

    runs-on: ubuntu-latest
    needs: test
    steps:
      - uses: actions/checkout@v3
      # ... steps in between ...

      - name: Set up Python 3.10
        uses: actions/setup-python@v1
        with:
          python-version: "3.10"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install setuptools
          python -m pip install wheel
          python -m pip install bump
      - name: Bump version
        run: |
          bump --patch
          # add step that commits the setup.py and skips the ci/cd
      - name: Commit version
        run: |
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git config --global user.name "bot"
          git commit -m "Bump version" setup.py
          git push

      - name: Build package
        run: |
          python setup.py sdist bdist_wheel

It returns

fatal: unable to access 'https://github.com/repository/': The requested URL returned error: 403

Asked By: Kevin Rump


Answers:

The git commit and push by itself is fine; you’ve just limited the scope of the GITHUB_TOKEN that is used for pushing to read-only.

Convert this:

    permissions:
      contents: read

To this:

    permissions:
      contents: write

Do be aware that this will only allow normal code changes to be pushed, and not workflow files (those have extra security scopes).

Answered By: Rob Bos
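
A static check for the misconfiguration described in the answer, as an added example (not code from the question or the answer): it flags jobs that run `git push` while their job-level `permissions` block leaves `contents` below `write`. The function name `push_denied` and the sample workflow are constructed for illustration, and the scanner assumes 2-space indentation and block-style mappings without inline comments.

```python
import re

# Constructed sample: the question's job, trimmed to the lines that matter.
WORKFLOW = """\
jobs:
  build-package:
    permissions:
      contents: read
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Commit version
        run: |
          git commit -m "Bump version" setup.py
          git push
"""

def push_denied(text):
    """Return jobs that run `git push` although their explicit job-level
    permissions block leaves `contents` below write. Jobs without a block
    are skipped: their token scope comes from workflow or repo defaults."""
    jobs = {}  # job name -> {"perms": dict or None, "push": bool}
    in_jobs, job, in_perms = False, None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and full-line comments carry no keys
        if re.match(r"\S", line):  # any top-level key
            in_jobs, job = line.startswith("jobs:"), None
        elif in_jobs and (m := re.match(r"  ([\w-]+):\s*$", line)):
            job = jobs.setdefault(m.group(1), {"perms": None, "push": False})
            in_perms = False
        elif job is not None:
            if re.match(r"    permissions:\s*$", line):
                job["perms"], in_perms = {}, True
            elif in_perms and (m := re.match(r"      ([\w-]+):\s*([\w-]+)\s*$", line)):
                job["perms"][m.group(1)] = m.group(2)
            else:  # first other line closes the permissions block
                in_perms = False
            if re.search(r"\bgit\s+push\b", line):
                job["push"] = True
    # Scopes not listed in an explicit block are set to none, so a missing
    # `contents` key fails the push just like `contents: read`.
    return [name for name, j in jobs.items()
            if j["push"] and j["perms"] is not None
            and j["perms"].get("contents") != "write"]

if __name__ == "__main__":
    print(push_denied(WORKFLOW))
```

Granting `contents: write` only on the job that commits keeps the other jobs on a read-only token.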