Issue

When trying to sync my GitHub repository, the following error occurs:

Pushing synced data to target branch.
To https://github.com/_/panther-analysis.git
! [remote rejected] sync_upstream_v3.25.0 -> sync_upstream_v3.25.0 (refusing to allow a GitHub App to create or update workflow .github/workflows/release.yml without workflows permission)
error: failed to push some refs to 'https://github.com/ /panther-analysis.git'
ERROR: exit 1

Resolution

To resolve this issue:

  1. Create a new Personal Access Token (PAT) via the classic method in your GitHub Profile.

    • The Scopes you need are repo and workflow.

  2. In your repository, create a repository secret that uses your PAT: Repository > Settings > Secrets and Variables > Actions > New Secret.

    • The name is what you will use when updating the GitHub Action, and the value is what was generated when creating your PAT.

  3. Modify the sync-panther-analysis-from-upstream GHA to use your PAT:
    Line 35: change ${{ secrets.GITHUB_TOKEN }} to ${{ secrets.YOUR_TOKEN }}
    Insert a line after line 42: token: ${{ secrets.YOUR_TOKEN }}

  4. Run the workflow to validate.
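
Before saving the PAT as a secret in step 2, you can confirm it carries exactly the scopes from step 1. The script below is an added example, not part of Panther's workflow or GitHub's tooling: it reads the X-OAuth-Scopes response header that the GitHub REST API returns for classic tokens. The GH_PAT environment variable name is an assumption, and the sample headers are constructed so the script also runs offline.

```shell
#!/bin/sh
# Added example: verify a classic PAT carries the scopes from step 1 before
# saving it as a repository secret. GitHub's REST API reports a classic
# token's scopes in the X-OAuth-Scopes response header.
REQUIRED="repo workflow"

# Constructed sample response headers, used when GH_PAT (assumed name) is unset.
SAMPLE_HEADERS='HTTP/2 200
content-type: application/json; charset=utf-8
x-oauth-scopes: repo, workflow'

# stdin: HTTP response headers. stdout: scopes, space separated.
pat_scopes() {
  tr -d '\r' | awk '{
    i = index($0, ":")
    if (i && tolower(substr($0, 1, i - 1)) == "x-oauth-scopes") {
      v = substr($0, i + 1)
      gsub(/^ +| +$/, "", v); gsub(/, */, " ", v)
      print v; exit
    }
  }'
}

# $1: scope list. Prints a verdict; returns 1 if a required scope is missing.
check_scopes() {
  missing=""; extra=""
  for s in $REQUIRED; do
    case " $1 " in *" $s "*) ;; *) missing="$missing $s" ;; esac
  done
  for s in $1; do
    case " $REQUIRED " in *" $s "*) ;; *) extra="$extra $s" ;; esac
  done
  if [ -n "$missing" ]; then echo "missing:$missing"; return 1; fi
  # Scopes beyond the two required widen what a leaked secret can do.
  if [ -n "$extra" ]; then echo "ok, extra:$extra"; else echo "ok"; fi
}

if [ -n "${GH_PAT:-}" ]; then
  # Feed the header on stdin (-H @-) so the token never appears in argv.
  headers=$(printf 'Authorization: Bearer %s\n' "$GH_PAT" |
    curl -sS -o /dev/null -D - -H @- https://api.github.com/user)
else
  headers=$SAMPLE_HEADERS
fi
check_scopes "$(printf '%s\n' "$headers" | pat_scopes)"
```

A result of "missing: workflow" means the token would reproduce the rejected push shown above.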

Cause

This occurs when your GitHub Action is using a GITHUB_TOKEN which doesn't have the permission to edit workflows. This means that when Panther's upstream introduces a change to one of the workflow files, the GHA will fail, and you will need to manually perform the merge.

To prevent this, create a new token or edit the default one, and include the proper permissions to edit workflows.