GitHub Actions - Authentication Failed for Pushing to Repository

Question

I have a Organization I created, under that Organization I created two repositories

1. Private repo that runs the github action to build, commit and push.
2. Public repo that gets pushed to and hosts the built app.

I'm encountering an issue with a GitHub Actions workflow where the authentication fails when trying to push changes to the public repository. The error messages I receive are:

remote: Permission to [my-repository].git denied to github-actions[bot].
fatal: unable to access 'https://github.com/[my-repository].git/': The requested URL returned error: 403

and

remote: Fine-grained personal access tokens are forbidden from accessing this repository.
fatal: unable to access 'https://github.com/[my-repository].git/': The requested URL returned error: 403

Here is my github organization settings on the private repo that builds and pushes to the public:

Here's the context:

1. Using GITHUB_TOKEN: Initially tried using the GITHUB_TOKEN provided by GitHub Actions, but it did not have sufficient permissions to push changes. (first error)
2. Using Organization PAT: Created an organization fine-grained personal access token (PAT) with repo scope and added it as a secret in the Actions secrets and variables, but encountered the second error.
3. Using Personal PAT: Also tried using a personal classic PAT with repo scope, but still encountered the same 403 error.

Workflow File

This is the workflow file I'm using:

name: Build and Deploy Project

on:
  push:
    branches:
      - production  # Trigger on push to the production branch

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout the repository
        uses: actions/checkout@v3
    
      - name: Set up Python 3.12
        uses: actions/setup-python@v4
        with:
          python-version: '3.12'
    
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install pyinstaller
    
      - name: Install other required dependencies (if any)
        run: |
          pip install -r requirements.txt  # Adjust if you have additional dependencies
    
      - name: Build executable with PyInstaller
        run: |
          pyinstaller --onefile my-script.py  # Adjust the filename if necessary
    
      - name: Push executable to repo
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          
          # Clone the repo and create the main branch if not present
          git clone https://github.com/[my-repository].git
          cd [my-repository]
          
          # Create the main branch if it doesn't exist and switch to it
          git checkout -b main || git checkout main
          
          # Copy the built executable to the repo
          cp ../dist/my-script .  # Adjust this path if necessary
    
          git add my-script  # Add the executable
          git commit -m "Add latest build of my-script"
          
          # Use the GITHUB_TOKEN to push the changes
          git push https://x-access-token:${GITHUB_TOKEN}@github.com/[my-repository].git main

What I've Tried

• Using the GITHUB_TOKEN provided by GitHub Actions.
• Creating an organization fine-grained PAT with repo scope and adding it as a secret.
• Creating a personal classic PAT with repo scope and adding it as a secret.

Additional Information

• There are no branch protection rules in place.
• The repository does not have any specific environment configurations or restrictions that I'm aware of.

Question

How can I resolve this authentication issue and successfully push changes to the repository from my GitHub Actions workflow? Are there any specific settings or configurations that I need to update to allow the GitHub Actions bot to have the necessary permissions?

Any help or guidance would be greatly appreciated!