☁️ Cloud & DevOpsMicrosoftci-cd

GitHub Actions 403 "Resource not accessible by integration" on PR comment

Fresh4 months ago

Mar 14, 20260 views

Confidence Score81%

81%

Problem

GitHub Actions workflows that post comments on pull requests, create releases, or write to packages fail with '403: Resource not accessible by integration'. This started when GitHub changed the default GITHUB_TOKEN permissions to read-only for all scopes. Workflows that relied on implicit write access must now explicitly declare the permissions they need.

Error Output

RequestError: Resource not accessible by integration - https://docs.github.com/rest/reference/pulls#create-a-review-comment-for-a-pull-request

Unverified for your environment

Select your OS to check compatibility.

Your OS

OS version

Product version

1 Fix

Canonical Fix

High Confidence Fix

79% confidence88% success rate7 verificationsLast verified Mar 14, 2026

Add explicit permissions block to the workflow YAML

Low Risk

GitHub changed GITHUB_TOKEN default permissions to read-only for all scopes. Workflows that relied on implicit write access now need explicit permission declarations.

Trust Score

7 verifications

88% success

Add permissions at workflow or job level

Add only the permissions your workflow actually needs:

yaml

# Workflow-level (applies to all jobs)
permissions:
  contents: read
  pull-requests: write  # for PR comments
  packages: write       # for GHCR push

jobs:
  build:
    runs-on: ubuntu-latest
    # Or override per job:
    permissions:
      contents: write

2
Check which permission is needed
The 403 error message usually mentions the required permission. Common cases: contents:write for releases, pull-requests:write for PR comments, id-token:write for OIDC.

Validation

Re-run the failed workflow. The 403 error is gone and the step completes.

Verification Summary

Worked: 7

Failed: 1

Last verified Mar 14, 2026

Environment

Product: GitHub Actions
Environment: ci-cd

Submitted by

Alex Chen

2450 rep