You're trying to enable "Allow GitHub Actions to create and approve pull requests" but the checkbox isn't available in Settings → Actions → General → Workflow permissions.
This can occur when:
- You don't have admin access to the repository
- The repository is part of an organization with restricted settings
- Organization-level policies override repository settings
- The GitHub plan has limitations
Instead of relying on the default GITHUB_TOKEN, we'll use a Personal Access Token with explicit permissions.
Run this automated script to set everything up:
bash scripts/setup-auto-pr-permissions.shThis script will:
- ✅ Check GitHub CLI is installed and authenticated
- ✅ Guide you through creating a PAT
- ✅ Automatically add the PAT as a repository secret
- ✅ Verify the setup
Time required: ~3 minutes
Via GitHub Web UI:
- Go to: https://github.com/settings/tokens/new
- Fill in:
- Token name:
AUTO_PR_TOKEN - Expiration: 90 days (or your preference)
- Scopes: Select these checkboxes:
- ☑
repo(Full control of private repositories) - ☑
workflow(Update GitHub Action workflows)
- ☑
- Token name:
- Click "Generate token"
- Copy the token (starts with
ghp_orgithub_pat_)⚠️ You won't be able to see it again!
Via GitHub CLI (Alternative):
# Login with required scopes
gh auth login --scopes repo,workflow
# Get your token
gh auth tokenVia GitHub Web UI:
- Go to: https://github.com/Fused-Gaming/DevOps/settings/secrets/actions
- Click "New repository secret"
- Fill in:
- Name:
AUTO_PR_TOKEN - Secret: [paste your token here]
- Name:
- Click "Add secret"
Via GitHub CLI:
# Add secret (will prompt for token)
gh secret set AUTO_PR_TOKEN --repo Fused-Gaming/DevOps
# Verify it was added
gh secret list --repo Fused-Gaming/DevOpsThe workflows in the restored feature branch already have the correct structure. If you see permission errors after merging, update the workflow files to explicitly use the PAT:
# Add this to workflows that create PRs
env:
GH_TOKEN: ${{ secrets.AUTO_PR_TOKEN }}Or for specific steps:
- name: Create PR
env:
GH_TOKEN: ${{ secrets.AUTO_PR_TOKEN }}
run: |
gh pr create --title "..." --body "..."After adding the PAT secret:
# 1. Switch to a test branch
git checkout -b test/permissions-fix
# 2. Make a small change
echo "# Testing auto-PR" >> TEST.md
git add TEST.md
git commit -m "test: verify auto-PR permissions"
# 3. Push to remote
git push -u origin test/permissions-fix
# 4. Watch the workflow run
gh run list --repo Fused-Gaming/DevOps --limit 1Expected result:
- ✅ Workflow runs successfully
- ✅ PR is created automatically
- ✅ No "GitHub Actions is not permitted" errors
- Check secret name: Must be exactly
AUTO_PR_TOKEN(case-sensitive) - Verify secret exists: Run
gh secret list --repo Fused-Gaming/DevOps - Check repository: Make sure you're adding to the correct repo
- Token expired: Create a new token
- Insufficient scopes: Token needs
repoandworkflowscopes - Token revoked: Check https://github.com/settings/tokens
- Workflow permissions: The workflow file needs
permissions:block:permissions: contents: write pull-requests: write
- Check organization settings: Admin may need to allow PAT usage
- Branch protection: Ensure branch rules allow Actions to push
- Workflow logs: Check Actions tab for detailed error messages
- Full setup guide:
.github/workflows/AUTO-PR-SETUP.md - Script source:
scripts/setup-auto-pr-permissions.sh - GitHub Docs: Automatic token authentication
After setup, verify:
- PAT created with
repoandworkflowscopes - PAT added as
AUTO_PR_TOKENrepository secret - Secret visible in: https://github.com/Fused-Gaming/DevOps/settings/secrets/actions
- Test push creates PR automatically
- No permission errors in workflow logs
Once permissions are working:
-
Create the two pending PRs:
-
Future feature branches will auto-create PRs thanks to the restored workflow
-
Monitoring: Watch the Actions tab for the first few runs to ensure everything works
Generated: 2025-11-20 See also: SETUP_NEXT_STEPS.md for complete setup guide