Cannot create PR modifying .github/workflows/* due to disallowed workflows:write permission

[elika56]

Problem

When using gh-aw with strict mode and safe_outputs.create-pull-request,
it is not possible to create a PR that modifies files under:

.github/workflows/

This is because:

• workflows: write is disallowed in frontmatter
• contents: write is also rejected in strict mode
• modifying workflow files requires elevated permissions

Use Case

I am building a CI optimization agent that:

• analyzes workflow performance
• proposes improvements
• creates PRs updating ci.yml

Currently this is blocked by permission constraints.

Question

What is the intended pattern for:

• agents that need to propose workflow changes?
• or safe PR creation for workflow file modifications?

Should this:

1. Be done via external GitHub App with workflow scope?
2. Be disallowed intentionally?
3. Be supported in a future version?

Would appreciate clarification or recommended architecture.
``

[pelikhan]

This is a builtin protection to actions. The GitHub actions user cannot write to these files.

You need to use a custom token or a GitHub app.

[elika56]

This is a builtin protection to actions. The GitHub actions user cannot write to these files.

You need to use a custom token or a GitHub app.

Thanks for clarifying — that makes sense from a security perspective.

One important constraint in this case is that when using
safe_outputs.create-pull-request, the token is managed internally
and cannot be replaced with a custom token or GitHub App credential.

So even if we want to use a token with workflows: write,
there is currently no way to supply it to safe_outputs.

Given that limitation, what is the recommended pattern for agents that
need to propose changes to .github/workflows/*?

For example, a CI optimization agent that:

• analyzes workflow performance
• suggests improvements
• opens a PR updating ci.yml

Is the expectation that:

1. Workflow files should never be modified via safe_outputs?
2. A separate automation pipeline should be used outside gh-aw?
3. Workflows should be structured so only non-workflow files change?

Would appreciate clarification on the intended architecture here.

[strawgate]

Maybe this is just a feature request to add the GitHub token override to the create pr safe output and push to pr branch safe output?

[elika56]

Maybe this is just a feature request to add the GitHub token override to the create pr safe output and push to pr branch safe output?

you are correct. what should i do in order to open this as a feature request?

[dsyme]

Hmmmm it should be possible to specify a token, see here https://github.github.com/gh-aw/reference/safe-outputs/#global-configuration-options

Have you tried that? Thanks