Actions only work when triggered manually

When running an action, I am getting the error “Error: Resource not accessible by integration” and the check fails; however, if I go back and “Re-run jobs”, it works.

This is happening with two of my actions; one of them is below. It fails on the "Produce Coverage report" step, I assume when getting GITHUB.TOKEN:

> name: API CI - PR
> 
> on:
>   push:
>     branches: [ master, develop ]
> 
>   pull_request:
>     types: [ opened, synchronize, reopened ]
>     branches: [ develop ]
> 
> jobs:
> 
>   build:
>     name: Build, Lint and Unit Test
>     runs-on: ubuntu-latest
>     steps:
> 
>       - name: Checkout Codebase
>         uses: actions/checkout@v2
> 
>       - name: Setup Node version
>         uses: actions/setup-node@v1
>         with:
>           node-version: 12.15.0
> 
>       - name: Cache the node modules folder
>         uses: actions/cache@v2
>         with:
>           path: ~/.npm
>           key: se-api-packages-${{ hashFiles('**/package-lock.json') }}
>           restore-keys: se-api-packages-
> 
>       - name: Install Dependencies
>         run: npm ci
> 
>       - name: Run Build
>         run: npm run build
> 
>       - name: Run Linter
>         run: npm run lint
> 
>       - name: Create coverage folder
>         run: mkdir -p coverage
> 
>       - name: Execute Unit Tests
>         run: npm run test:cov
> 
>       # set the only_changed_files to true on PR based builds, otherwise show full coverage
>       - name: Produce Coverage report
>         uses: 5monkeys/cobertura-action@master
>         with:
>           path: coverage/cobertura-coverage.xml
>           repo_token: ${{ secrets.GITHUB_TOKEN }}
>           only_changed_files: ${{github.base_ref != null}}
>           show_line: true
>           show_branch: true
>           minimum_coverage: 80

I am not sure what to do to troubleshoot this. These actions were created by someone else who has left our org so it would make sense that something is associated with their account which no longer has rights to see our secrets (and I do so it works when I run it manually)?

Do I guess correctly that the “Produce Coverage report” step tries to commit and push the report? Does the problem occur with a push or pull_request event?