I am attempting to create a tag for a given sha in a github workflow that is failing with the following error:
! [remote rejected] tagA -> tagA (refusing to allow a GitHub App to create or update workflow `.github/workflows/workflow-that-is-not-working.yml` without `workflows` permission)
However there is actually no code in the tag that has a change to that workflow at all. The token that is being used is the GITHUB_TOKEN that is provided by the workflow.
Literature on the internet seems to suggest that this is because the token does not have the
workflows permission but as I understand it, only a PAT will allow that permission to be attached. My underlying question is why does github think that there is a change to the
workflow-that-is-not-working.yml even though there is no such change? Or is this a symptom of some other issue?
How can I debug this issue further?