Thank you for pointing that out, this was exactly it! I added:

with:
  token: ${{ secrets.GH_TOKEN }}

to actions/checkout@v3 and it solved the issue. Still not sure why I didn’t need that on other repos, but I will update them all to do this now that I know it was not using the PAT.

Still not sure why I didn’t need that on other repos

I can’t be sure, obviously, but the first thing that comes to mind: In the repository settings you can configure whether the GITHUB_TOKEN should have read-write or read-only access. Maybe that’s different between the repositories?

In the repository settings you can configure whether the GITHUB_TOKEN should have read-write or read-only access. Maybe that’s different between the repositories?

Ah, yes, that was the underlying reason. I have no idea how this setting got set differently on the repos as I haven’t touched it. But good to know, thanks so much for your help!

Why does there have to be so many links

Check your workflow permission in Settings > Actions > General .
To push a commit, workflow needs to have write permission.

  <a href="https://github.com/ad-m/github-push-action/issues/96#issuecomment-889984928" target="_blank" rel="noopener nofollow ugc">github.com/ad-m/github-push-action</a>

<div class="github-info">
  <div class="date">
    opened <span class="discourse-local-date" data-format="ll" data-date="2021-07-29" data-time="18:27:02" data-timezone="UTC">06:27PM - 29 Jul 21 UTC</span>
  </div>


  <div class="user">
    <a href="https://github.com/Shaquu" target="_blank" rel="noopener nofollow ugc">
      <img alt="Shaquu" src="https://user-images.githubusercontent.com/40115800/181099273-86bc3c76-709d-450f-9d9f-1a5b40eef615.jpeg" class="onebox-avatar-inline" width="20" height="20">
      Shaquu
    </a>
  </div>
</div>

<div class="labels">
</div>

Run ad-m/github-push-action@master
  with:
    github_token: ***
    branch: refs/pull/42/merge
    directory: .
Push to branch refs/pull/42/merge
remote: Permission to NRCHKB/node-red-contrib-homekit-docker.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/NRCHKB/node-red-contrib-homekit-docker.git/': The requested URL returned error: 403
Error: Invalid exit code: 128
    at ChildProcess.<anonymous> (/home/runner/work/_actions/ad-m/github-push-action/master/start.js:29:21)
    at ChildProcess.emit (events.js:210:5)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5) {
  code: 128
}
Error: Invalid exit code: 128
    at ChildProcess.<anonymous> (/home/runner/work/_actions/ad-m/github-push-action/master/start.js:29:21)
    at ChildProcess.emit (events.js:210:5)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)

  dependabot:
    #needs: [build]
    runs-on: ubuntu-latest
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - uses: actions/setup-node@v2
        with:
          node-version: '14'
      - uses: actions/checkout@v2
        with:
          persist-credentials: false
          fetch-depth: 0
      - run: |
          git config user.name github-actions[bot]
          git config user.email github-actions[bot]@users.noreply.github.com
          npm version patch -m "[RELEASE] %s"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}
      - uses: fastify/github-action-merge-dependabot@v2.1.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
```</span></p>
  </div>

  </article>

  <div class="onebox-metadata">
    
    
  </div>

  <div style="clear: both"></div>
</aside>

Based on your answer I simply configured actions/checkout to use the PAT and it worked. I didn't realize the credentials persisted between steps, messing with persist-credentials could probably work too