I have created a yml file for a CD workflow, and when I try to push it, it gives me this error:
"refusing to allow a Personal Access Token to create or update workflow .github/workflows/backend-cd.yml without workflow scope"
This is my backend-cd.yml file:
name: CD - Deploy Backend
on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - backend/**
jobs:
  deploy:
    runs-on: ubuntu-latest
    # Note: "repo-token" is not a valid key under "defaults"; only "run" settings belong here.
    # actions/checkout already authenticates with GITHUB_TOKEN by default.
    defaults:
      run:
        working-directory: ./backend
    services:
      postgres:
        image: postgres:14.5
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: 123456789
          POSTGRES_DB: customer
        ports:
          - "5433:5432"
        # folded scalar so the health-check flags form one options string
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v3
        with:
          distribution: "corretto"   # the input name is "distribution", not "distributions"
          java-version: "17"
          cache: "maven"
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
      - name: Set build number
        id: build-number
        # $GITHUB_OUTPUT must be dereferenced; ">> GITHUB_OUTPUT" would write a local file instead
        run: echo "BUILD_NUMBER=$(date '+%d.%m.%Y.%H.%M.%S')" >> "$GITHUB_OUTPUT"
      - name: Build Package Push with Maven
        run: mvn -ntp -B verify -D docker.image.tag=${{ steps.build-number.outputs.BUILD_NUMBER }} jib:build
      - name: Update Dockerrun.aws.json api image tag with new build number
        run: |
          echo "Dockerrun.aws.json before updating tag"
          cat Dockerrun.aws.json
          # \1 is the back-reference to the captured "ahmadmujtaba200210/fullstack:" prefix
          sed -i -E 's_(ahmadmujtaba200210/fullstack:)([^"]*)_\1'${{ steps.build-number.outputs.BUILD_NUMBER }}'_' Dockerrun.aws.json
          echo "Dockerrun.aws.json after updating tag"
          cat Dockerrun.aws.json
      - name: Deploy to Elastic Beanstalk
        uses: einaregilsson/beanstalk-deploy@v21
        with:
          aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          application_name: ${{ secrets.EB_APPLICATION_NAME }}
          environment_name: ${{ secrets.EB_ENV_NAME }}
          version_label: ${{ steps.build-number.outputs.BUILD_NUMBER }}
          version_description: ${{ github.SHA }}
          region: ${{ secrets.EB_REGION }}
          deployment_package: backend/Dockerrun.aws.json
      - name: Commit and push Dockerrun.aws.json
        run: |
          git config user.name github-actions
          git config user.email [email protected]
          git add .
          git commit -m "Update Dockerrun.aws.json docker image with new tag ${{ steps.build-number.outputs.BUILD_NUMBER }}" .
          git push
I have created a new PAT with all the permissions. Here is a copy-paste description of the permissions from the GitHub personal access token:
Read and Write access to actions, actions variables, administration, code, codespaces, codespaces lifecycle admin, codespaces secrets, commit statuses, dependabot secrets, deployments, discussions, environments, issues, merge queues, pages, pull requests, repository advisories, repository hooks, secret scanning alerts, secrets, security events, and workflows
I have tried the following things:
- I have tried what is mentioned in the official GitHub documentation on GITHUB_TOKEN.
- I have also added the token to user.password.
2 Answers
It looks like the token in use and associated with your GitHub account does not have the permission to update the GitHub workflows.
Add the workflow permission to the token you are using with your GitHub account.
There are some pretty good answers on here to help with adding the permission.
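Before regenerating tokens, it is worth confirming which scopes the token in use actually carries. The following is an added example, not code from the question or from either answer: a classic GitHub PAT reports its scopes in the X-OAuth-Scopes response header of any authenticated API call, so a HEAD request against https://api.github.com/user is enough to see whether "workflow" is among them. The GITHUB_PAT variable name and the sample header blocks are assumptions constructed for the example; fine-grained tokens do not send this header, so an empty result on such a token is expected rather than a sign of a missing permission.

```shell
#!/bin/sh
# Added example: check whether a classic GitHub PAT carries the "workflow" scope
# that the push error demands. Not part of the original question or answers.

# scopes_from_headers HEADERS
#   Print the value of the x-oauth-scopes header from a raw HTTP response
#   (header names are matched case-insensitively; CRs are stripped).
scopes_from_headers() {
  printf '%s\n' "$1" | tr -d '\r' | grep -i '^x-oauth-scopes:' | sed 's/^[^:]*:[ ]*//'
}

# has_workflow_scope SCOPES
#   Return 0 if the comma-separated scope list contains the whole token "workflow".
#   Spaces are removed and the list is wrapped in commas so "workflow" cannot
#   accidentally match a longer scope name.
has_workflow_scope() {
  normalised=",$(printf '%s' "$1" | tr -d ' '),"
  case "$normalised" in
    *,workflow,*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_token PAT
#   Live check (needs network): fetch response headers for the token and report.
#   Assumes the token is passed in as the first argument, e.g. check_token "$GITHUB_PAT".
check_token() {
  headers=$(curl -sS -I -H "Authorization: token $1" https://api.github.com/user)
  scopes=$(scopes_from_headers "$headers")
  if [ -z "$scopes" ]; then
    echo "no x-oauth-scopes header: not a classic PAT, or the request was rejected"
    return 2
  fi
  echo "token scopes: $scopes"
  if has_workflow_scope "$scopes"; then
    echo "workflow scope present: pushing .github/workflows files is allowed"
    return 0
  fi
  echo "workflow scope missing: add it to the token before pushing workflow files"
  return 1
}

# Constructed sample responses standing in for a live "curl -I" call.
SAMPLE_HEADERS_OK='HTTP/2 200
x-oauth-scopes: repo, workflow, read:org
x-accepted-oauth-scopes: '
SAMPLE_HEADERS_MISSING='HTTP/2 200
x-oauth-scopes: repo, read:org'
```

Run the live check with `check_token "$GITHUB_PAT"` after exporting the token; if the push still fails with a token that shows "workflow", the token git actually presents is probably a different, older one cached by the credential helper, which `git credential fill` (reading `protocol=https` and `host=github.com` from stdin) will reveal.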
I’d recommend deleting all your existing PATs and then creating a new one with full permissions. After that, remove the old PAT from your local Mac. When you see the ‘you are not authenticated’ prompt, just input the new PAT.