Thank you I will do the merge through the web UI. I thought the token had suitable rights but clearly it did not.
No problem! Since the PR body includes Fixes #1, GitHub should automatically close the issue when you merge. That'll take care of everything in one step.
Good to know for next time! If you want to update the token permissions, you can do it in GitHub under Settings > Developer settings > Personal access tokens — make sure the token has the repo scope (or for fine-grained tokens, the "Pull requests" permission set to Read & Write). But the web UI merge works just as well.
Thank you. It turned out to be a little more subtle than that: the token did have the repo write access permission, however the user did not have write access to this specific repository. That's because the organization default is to grant a base permission of read only to organization members in new repositories. You have to explicitly grant write access to any non-admin user in the organization for them to be able to merge.
That makes sense — the token can only exercise permissions the user actually has on the repo. A token with repo scope still can't merge if the underlying user only has read access at the organization level. Good to know that the org's base permission defaults to read-only for new repos, so write access needs to be explicitly granted per-repo (or via a team).
You're welcome! It was a straightforward fix. Happy to help with any other issues or features for occam2go.