Permission denied on git push

[pgrange]

I copy/pasted the first exemple from the README and see that it will always fail for a permission denied at the git push step.

Step to reproduce: copy/paste the exemple from the README and adjust it (here I point to version 19 of the action and I also activate the workflow when pushing on the dependencies_update branch:

name: update-flake-lock
on:
  push:
    branches:
      - dependencies_update
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00

jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@v19
        with:
          pr-title: "Update flake.lock" # Title of PR to be created
          pr-labels: |                  # Labels to be set on the PR
            dependencies
            automated

Then push and see the error in the action execution output:

Pushing pull request branch to 'origin/update_flake_lock_action'
  /usr/bin/git push --force-with-lease origin HEAD:refs/heads/update_flake_lock_action
  remote: Permission to pgrange/hydra.git denied to github-actions[bot].
  fatal: unable to access 'https://github.com/pgrange/hydra/': The requested URL returned error: 403
  Error: The process '/usr/bin/git' failed with exit code 128

Here is the full action output: job 8691097940

Here is the workflow file for this particular run: dependencies-update.yaml.

[pgrange]

Changing the permissions of the Workflows in the repository settings fixed the issue.

I would suggest to explain that in the README:

• Go to repository settings / Actions / general
• In Workflow permissions:
  • give Read and write permission
  • Allow GitHub Actions to create and approve pull requests