Github 工作流/操作提交到存儲庫返回 403

Question

我有一個 Github 工作流文件，我在其中修改了 python package (setup.py) 的版本，之后我想將更改推送到工作流運行的存儲庫。但是我得到 403 沒有訪問權限

  build-package:
    permissions:
      contents: read
      id-token: write
      pull-requests: write
      issues: write
      repository-projects: write
      deployments: write
      packages: write
      

    runs-on: ubuntu-latest
    needs: test
    steps:
      - uses: actions/checkout@v3
      """ STEPS BETWEEN""""
      
      
      - name: Set up Python 3.10
        uses: actions/setup-python@v1
        with:
          python-version: "3.10"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install setuptools
          python -m pip install wheel
          python -m pip install bump
      - name: Bump version
        run: |
          bump --patch
          # add step that commits the setup.py and skips the ci/cd
      - name: Commit version
        run: |
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git config --global user.name "bot"
          git commit -m "Bump version" setup.py
          git push

      - name: Build package
        run: |
          python setup.py sdist bdist_wheel

它返回

fatal: unable to access 'https://github.com/repository/': The requested URL returned error: 403

Answer 1

git 提交和推送本身就可以了，你只是將用於推送的 GITHUB_TOKEN 的 scope 限制為read-only 。

轉換這個：

 permissions:
      contents: read

對此：

 permissions:
      contents: write

請注意，這將只允許推送正常的代碼更改，而不是工作流文件（那些具有額外的安全范圍）。