
Can't push to a repo with GitHub Actions


I am new to GitHub Actions. I am trying to automate a process, and I am doing the following:

name: Versioning

on:
  pull_request_review:
    types:
      - submitted

jobs:
  update-version:
    if: github.event.review.state == 'approved' && github.event.pull_request.state == 'open'
    runs-on: windows-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0

      - name: Update Version
        shell: pwsh
        run: |
          $baseRef = "${{ github.event.pull_request.base.ref }}"
          $headRef = "${{ github.event.pull_request.head.ref }}"

          $wixInstallerPath = "MyApp X86 Installer/Product.wxs"
          $wixInstaller = Get-Content -Path $wixInstallerPath
          $minor = [regex]::Match($wixInstaller, '(?<=<Product[^>]*Version=")\d+\.\d+\.(\d+)').Groups[1].Value
          $revision = [regex]::Match($wixInstaller, '(?<=<Product[^>]*Version="\d+\.\d+\.\d+\.)(\d+)').Groups[1].Value

          $oldVersion = "$baseRef.$minor.$revision"

          if ($headRef.StartsWith("feature-")) {
            $minor = [int]$minor + 1
            $revision = 0
          } else {
            $revision = [int]$revision + 1
          }

          $newVersion = "$baseRef.$minor.$revision"

          # Update WiX installer file
          (Get-Content -Path $wixInstallerPath) -replace '(?<=<Product[^>]*Version=")\d+\.\d+\.\d+\.\d+', $newVersion | Set-Content -Path $wixInstallerPath

          $repoPath = "https://${{ secrets.GITHUB_TOKEN }}@github.com/bioacesso/gerenciador-facial.git";

          # Commit the changes
          git config --global user.name "Mybot"
          git config --global user.email "github@myapp.net"
          git add -u
          git commit -m "Please work"
          git push --repo=$repoPath

I am getting this error:

1 file changed, 1 insertion(+), 1 deletion(-)
remote: Write access to repository not granted.
fatal: unable to access 'https://github.com/myapp/myapp.git/': The requested URL returned error: 403

I have tried using my own token with all grants, I have tried using secrets, and even pushed the access token directly into the code, with and without the username. But the error persists.

Any ideas?


Solution

  • Depending on your org- and repo-level configuration settings for actions, the default GITHUB_TOKEN has only read access. You can elevate permissions at the workflow level or at the job level.

    For example, to allow writing content for your job:

    jobs:
      update-version:
        if: >-
          github.event.review.state == 'approved'
            && github.event.pull_request.state == 'open'
        runs-on: windows-latest
        permissions:
          contents: write
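
A complete workflow built around the job-level grant above, as an added example that is not part of the original question or answer: it starts the workflow with no token permissions, grants only `contents: write` to the one job that pushes, and pushes with the credentials `actions/checkout` already stored instead of placing the token in the remote URL. The same-repository guard, the `HEAD_REF` variable name and the commit message are assumptions; the version-update step from the question would sit between the two steps shown.

```yaml
name: Versioning

on:
  pull_request_review:
    types:
      - submitted

# Start with no GITHUB_TOKEN permissions; each job grants only what it needs.
permissions: {}

jobs:
  update-version:
    # Assumption: only handle branches that live in this repository,
    # since the job pushes back to the pull request's head branch.
    if: >-
      github.event.review.state == 'approved'
      && github.event.pull_request.state == 'open'
      && github.event.pull_request.head.repo.full_name == github.repository
    runs-on: windows-latest
    permissions:
      contents: write   # the only scope this job needs in order to push
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0
          # persist-credentials defaults to true, so the job's token is
          # already configured for later git commands in this checkout.

      - name: Commit and push
        shell: pwsh
        env:
          # Branch names are user-controlled: pass them through the
          # environment rather than expanding them inside the script.
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          git config user.name "Mybot"
          git config user.email "github@myapp.net"
          git add -u
          # Exit cleanly when an earlier step changed nothing.
          git diff --cached --quiet
          if ($LASTEXITCODE -eq 0) { Write-Host "Nothing to commit"; exit 0 }
          git commit -m "Update version"
          git push origin "HEAD:refs/heads/$($env:HEAD_REF)"
```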