From 8fce3d676418c5b6c4dd3d1bf04a0e8c59fc3f8e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 01:02:58 +0000
Subject: [PATCH 1/3] Initial plan


From a09ec3928c7ddbf089409403e2ae40647629f739 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 01:21:34 +0000
Subject: [PATCH 2/3] Add FAQ link to GitHub Actions PR permission error
 diagnostics (#251)

Co-authored-by: dsyme <7204669+dsyme@users.noreply.github.com>
---
 actions/setup/js/create_pull_request.cjs    | 8 ++++++--
 actions/setup/js/handle_create_pr_error.cjs | 9 ++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/actions/setup/js/create_pull_request.cjs b/actions/setup/js/create_pull_request.cjs
index 9f21355ab4c..f90687c80f9 100644
--- a/actions/setup/js/create_pull_request.cjs
+++ b/actions/setup/js/create_pull_request.cjs
@@ -37,6 +37,9 @@ const HANDLER_TYPE = "create_pull_request";
 /** @type {string} Label always added to fallback issues so the triage system can find them */
 const MANAGED_FALLBACK_ISSUE_LABEL = "agentic-workflows";
 
+/** @type {string} FAQ link for the "GitHub Actions is not permitted to create or approve pull requests" error */
+const FAQ_CREATE_PR_PERMISSIONS_URL = "https://github.github.com/gh-aw/reference/faq/#why-is-my-create-pull-request-workflow-failing-with-github-actions-is-not-permitted-to-create-or-approve-pull-requests";
+
 // GitHub Copilot reviewer bot username
 const COPILOT_REVIEWER_BOT = "copilot-pull-request-reviewer[bot]";
 
@@ -1158,7 +1161,7 @@ ${patchPreview}`;
 
       // Check if the error is the specific "GitHub actions is not permitted to create or approve pull requests" error
       if (errorMessage.includes("GitHub Actions is not permitted to create or approve pull requests")) {
-        core.error("Permission error: GitHub Actions is not permitted to create or approve pull requests");
+        core.error(`Permission error: GitHub Actions is not permitted to create or approve pull requests. See FAQ: ${FAQ_CREATE_PR_PERMISSIONS_URL}`);
 
         // Branch has already been pushed - create a fallback issue with a link to create the PR via GitHub UI
         const githubServer = process.env.GITHUB_SERVER_URL || "https://github.com";
@@ -1181,7 +1184,8 @@ ${patchPreview}`;
           `> The changes have been pushed to branch \`${branchName}\`.\n` +
           `>\n` +
           `> **[Click here to create the pull request](${createPrUrl})**\n\n` +
-          `To fix the permissions issue, go to **Settings** → **Actions** → **General** and enable **Allow GitHub Actions to create and approve pull requests**.` +
+          `To fix the permissions issue, go to **Settings** → **Actions** → **General** and enable **Allow GitHub Actions to create and approve pull requests**. ` +
+          `See also: [gh-aw FAQ](${FAQ_CREATE_PR_PERMISSIONS_URL})` +
           patchPreview;
 
         try {
diff --git a/actions/setup/js/handle_create_pr_error.cjs b/actions/setup/js/handle_create_pr_error.cjs
index 1d070731f83..c9328c7047b 100644
--- a/actions/setup/js/handle_create_pr_error.cjs
+++ b/actions/setup/js/handle_create_pr_error.cjs
@@ -4,6 +4,9 @@
 const { sanitizeContent } = require("./sanitize_content.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
 
+/** @type {string} FAQ link for the "GitHub Actions is not permitted to create or approve pull requests" error */
+const FAQ_CREATE_PR_PERMISSIONS_URL = "https://github.github.com/gh-aw/reference/faq/#why-is-my-create-pull-request-workflow-failing-with-github-actions-is-not-permitted-to-create-or-approve-pull-requests";
+
 /**
  * Handle create_pull_request permission errors
  * This script is called from the conclusion job when create_pull_request fails
@@ -44,7 +47,11 @@ async function main() {
     "3. Check the box: **Allow GitHub Actions to create and approve pull requests**\n" +
     "4. Click **Save**\n\n" +
     "### Documentation\n\n" +
-    "For more information, see: [Managing GitHub Actions settings for a repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests)\n\n" +
+    "For more information, see:\n" +
+    "- [gh-aw FAQ: Why is my create-pull-request workflow failing?](" +
+    FAQ_CREATE_PR_PERMISSIONS_URL +
+    ")\n" +
+    "- [Managing GitHub Actions settings for a repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests)\n\n" +
     "### Workflow Details\n\n" +
     "- **Workflow**: " +
     workflowName +

From 8cf205d1dfd381b3e2c56f7679c1143f7dcaaddb Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 02:33:55 +0000
Subject: [PATCH 3/3] Refactor PR permission denied fallback body into template
 file (actions/setup/md/pr_permission_denied_fallback.md)

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 actions/setup/js/create_pull_request.cjs      | 19 +++++++++----------
 .../setup/md/pr_permission_denied_fallback.md | 11 +++++++++++
 2 files changed, 20 insertions(+), 10 deletions(-)
 create mode 100644 actions/setup/md/pr_permission_denied_fallback.md

diff --git a/actions/setup/js/create_pull_request.cjs b/actions/setup/js/create_pull_request.cjs
index f90687c80f9..f7d8297ab98 100644
--- a/actions/setup/js/create_pull_request.cjs
+++ b/actions/setup/js/create_pull_request.cjs
@@ -1177,16 +1177,15 @@ ${patchPreview}`;
           patchPreview = generatePatchPreview(patchContent);
         }
 
-        const fallbackBody =
-          `${body}\n\n---\n\n` +
-          `> [!NOTE]\n` +
-          `> This was originally intended as a pull request, but GitHub Actions is not permitted to create or approve pull requests in this repository.\n` +
-          `> The changes have been pushed to branch \`${branchName}\`.\n` +
-          `>\n` +
-          `> **[Click here to create the pull request](${createPrUrl})**\n\n` +
-          `To fix the permissions issue, go to **Settings** → **Actions** → **General** and enable **Allow GitHub Actions to create and approve pull requests**. ` +
-          `See also: [gh-aw FAQ](${FAQ_CREATE_PR_PERMISSIONS_URL})` +
-          patchPreview;
+        const fallbackTemplatePath = `${process.env.RUNNER_TEMP}/gh-aw/prompts/pr_permission_denied_fallback.md`;
+        const fallbackTemplate = fs.readFileSync(fallbackTemplatePath, "utf8");
+        const fallbackBody = renderTemplate(fallbackTemplate, {
+          body,
+          branch_name: branchName,
+          create_pr_url: createPrUrl,
+          faq_url: FAQ_CREATE_PR_PERMISSIONS_URL,
+          patch_preview: patchPreview,
+        });
 
         try {
           const { data: issue } = await githubClient.rest.issues.create({
diff --git a/actions/setup/md/pr_permission_denied_fallback.md b/actions/setup/md/pr_permission_denied_fallback.md
new file mode 100644
index 00000000000..cfb402a9a36
--- /dev/null
+++ b/actions/setup/md/pr_permission_denied_fallback.md
@@ -0,0 +1,11 @@
+{body}
+
+---
+
+> [!NOTE]
+> This was originally intended as a pull request, but GitHub Actions is not permitted to create or approve pull requests in this repository.
+> The changes have been pushed to branch `{branch_name}`.
+>
+> **[Click here to create the pull request]({create_pr_url})**
+
+To fix the permissions issue, go to **Settings** → **Actions** → **General** and enable **Allow GitHub Actions to create and approve pull requests**. See also: [gh-aw FAQ]({faq_url}){patch_preview}