Creating a workflow with a GitHub app

I’m attempting to have my Github App create a workflow file in a repo, but it is failing with a 403 and “Resource not accessible by integration”. I’m attempting to use the following API endpoint:

PUT to https://api.github.com/repos/{owner}/{repo}/contents/.github/workflows/testfile.yml

My GitHub app has the following permissions:

  • Read access to environments and metadata
  • Read and write access to actions, deployments, and workflows

Note that the app does NOT have the contents permissions (on purpose) - which is why I think this failure is occurring - but I can’t find any docs to indicate that I can update workflows via a different API endpoint? I was assuming that the workflow permission would cover this endpoint.

To update the permissions given to the access token that I generate are:

{"token":"ghs_XXXXXXXXX","expires_at":"2021-11-29T21:29:33Z","permissions":{"actions":"write","deployments":"write","environments":"read","metadata":"read","single_file":"read","workflows":"write"},"repository_selection":"all"]}