githubgithub-actionsaccess-tokengithub-secret

Github Actions - Write access to repository is not granted


The problem

I have a private repository that I am trying to add python-semantic-release to the GitHub Actions.

When trying to increment the version number, I am getting the error that I don't have write access to the repository. I have used the Github Classic PAT and Fine grained PAT and both don't work. I gave all repo permissions just to ensure that I wasn't messing anything up.

I also echoed my my secrets.TOKEN in GitHub Actions to make sure that they were being called properly as well.

Why am I getting a write error even though I have generated the access token with ALL permissions to to the repository?

main.yml
name: Semantic Release

on:
  push:
    branches:
      - main

jobs:
  release:
    runs-on: ubuntu-latest
    concurrency: release

    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Step 1 - Echo out a GitHub Actions Secret to the logs
        run: |
          echo "The GitHub Action Secret will be masked:  "
          echo ${{ secrets.TOKEN }}
          echo "Trick to echo GitHub Actions Secret:  "
          echo ${{secrets.TOKEN}} | sed 's/./& /g'
          echo ${{secrets.USERNAME}} | sed 's/./& /g'
      - name: Print repository URL
        run: |
          echo $(git remote get-url origin)
      - name: Python Semantic Release
        uses: relekang/python-semantic-release@master
        with:
          github_token: ${{ secrets.TOKEN }}
          repository_username: __token__
pyproject.toml
[tool.semantic_release]
version_variable = "setup.py:__version__"
branch = "main"
upload_to_repository = false

setup.py
from setuptools import setup

__version__ = "1.0.1"

setup(
   name="pmp-otk",
   version=__version__,
   # And so on...!!!!!!
)
debug log
debug: * We fixed the damn bug ([`6d6667a`](https://github.com/***/pmp-otk-sandbox/commit/6d6667afde48fbd3cbdabaa048989379b7216ea9))')
warning: Changelog file not found: /github/workspace/CHANGELOG.md - creating it.
debug: update_additional_files()
Bumping with a patch version to 1.0.2
debug: set_new_version('1.0.2')
debug: Writing new version number: path=PosixPath('setup.py') pattern='__version__ *[:=] *["\\\'](\\d+\\.\\d+\\.\\d+(-beta\\.\\d+)?)["\\\']' num_matches=1
debug: set_new_version -> True
debug: commit_new_version('1.0.2')
debug: commit_new_version -> [main [64](https://github.com/shawnesquivel/pmp-otk-sandbox/actions/runs/4018206730/jobs/6903535852#step:6:65)d5a24] 1.0.2
debug:  2 files changed, 8 insertions(+), 1 deletion(-)
debug:  create mode 100644 CHANGELOG.md
debug: tag_new_version('1.0.2')
debug: tag_new_version -> 
Pushing new version
debug: get_hvcs()
debug: get_hvcs -> <class 'semantic_release.hvcs.Github'>
debug: get_hvcs()
debug: get_hvcs -> <class 'semantic_release.hvcs.Github'>
debug: push_new_version(, auth_token='***', owner='***', name='pmp-otk-sandbox', branch=main, domain='github.com')
error: Cmd('git') failed due to: exit code(128)
error:   cmdline: git push ***github.com/***/pmp-otk-sandbox.git main
error:   stderr: 'remote: Write access to repository not granted.
error: fatal: unable to access 'https://github.com/***/pmp-otk-sandbox.git/': The requested URL returned error: 403'

Expected behavior

I expected to increment the version, and to not have and write access issues.

Additional context

Example commit:

git commit -m "fix: we fixed the damn bug"

Solution

  • Go to your repository setting Actions -> General, then make sure Actions permissions is set to Allow, and make sure Workflow permissions is set to Read and write permissions.

    If that is grayed out, go to your organization settings Actions -> General, it will have similar settings there.

    Also, make sure to set the following permission in your yaml file:

    permissions:
      contents: write
    

    Write implies read and write permission.