I switched to using a classic PAT from the machine account with "repo" and "workflow" scope and then it worked.

I have tried using a fine grained PAT again and giving it every possible permission to the machine account and all of its repos but it still fails to open the pull request.

Maybe it is just not possible to get this setup working with a fine grained PAT.

Hi @oscarbenjamin

Maybe it is just not possible to get this setup working with a fine grained PAT.

That would not surprise me. Fine-grained access tokens are still in beta and I know that GitHub's GraphQL API is not supported yet. This action uses the REST API, which supposedly is supported, but perhaps some edge cases are not covered yet.

Error: Resource not accessible by personal access token

I've not seen this error message before, and it seems likely that the meaning is that the new fine-grained access tokens aren't supported for that particular case.

For what it's worth: I just ran into the same problem when trying to use a fine-grained PAT:

Create or update the pull request
  Attempting creation of pull request
  Error: Resource not accessible by personal access token

I wanted to use a fine-grained PAT so I can constrain the token to a specific repository (the fork in which branches should be created), and I gave the permissions that made sense: read-write for Contents and Pull requests (and Metadata read-only, but that's an implied one).

That didn't work, so I had to resort to a classic token with repo and workflow permissions

@oscarbenjamin @boegel

For the upcoming v7 release I've been doing lots of testing and I think I understand why this wasn't working for you both. I've managed to get fine-grained PATs working with push-to-fork, but there are limitations, which may make it not viable for your particular cases.

Please read the new documentation for the v7 release at the following link. If it's not clear and you don't understand how it applies to your case, please let me know.
https://github.com/peter-evans/create-pull-request/blob/signed-commits/docs/concepts-guidelines.md#pushing-to-a-fork-with-fine-grained-permissions

You can try the release candidate for v7 like this:

- uses: peter-evans/create-pull-request@v7-rc

Thanks @peter-evans for working on this!

I would like to test this out and give feedback but:

I have moved on now from my original problem that motivated this. I am even a little confused reading my comments above and trying to remember what I was doing when I opened the issue...

Unfortunately that means that I do not have an easy way to test this any more.

@peter-evans Thanks a lot for the extra info, the documentation makes sense to me, except for one part:

"The parent and fork both have the same owner."

This should be clarified, I think. What's owner here? If parent is peter-evans/create-pull-request and fork is boegel/create-pull-request, doesn't that imply different owners?

I haven't tried it yet, but I'll try to get back to this the next time I need to refresh the classic token, I'll try to use a fine-grained PAT then using v7-rc (or another more recent tag/commit).

@boegel Thanks for reviewing the documentation.

The parent and fork both have the same owner

This basically means the parent and fork are in the same org. I will clarify that in the docs.