Hi @wiiznokes

It's good practice to restrict the token's permissions with this block, but it's not necessary for the action to work. These permissions are documented in the inputs table here.

permissions:
  contents: write
  pull-requests: write

You don't need this for the action to work. The action doesn't fetch tokens from environment variables.

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

The error Resource not accessible by integration usually occurs because the workflow is being triggered on pull_request by a contribution from a fork. In this case, GITHUB_TOKEN only has read access. There is more info about restrictions on repository forks here.

Well, in my case, the action started working when i added

permissions:
  contents: write
  pull-requests: write

And it was not a fork, but the action was triggered with on: push: tags:

It's a good thing that you have the permissions block, so don't remove it. However, my understanding is that it shouldn't be necessary because the token already has permissive access by default.

Maybe this have change. My repo have restricted access and i don't remember having change that

Maybe it has changed recently for newly created repos. I just tested by creating a new repo and this setting is enabled by default, which only gives it read permission:

But for my existing repositories the default is read/write.

I will try to find out if this is a new change.

Found it. It was updated in February last year:
https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/

I'm working on the next major version of this action, and I'm making some documentation updates at the same time. I will improve the docs to make it clear that this permissions block is necessary for new repos.

Thanks for reporting. It's good to get to the bottom of issues like these and improve the docs. 👍