Skip to content

fix: add pull-requests: read permission to release workflow#61

Merged
0x46616c6b merged 1 commit intomainfrom
fix/release-workflow-permissions
Apr 7, 2026
Merged

fix: add pull-requests: read permission to release workflow#61
0x46616c6b merged 1 commit intomainfrom
fix/release-workflow-permissions

Conversation

@0x46616c6b
Copy link
Copy Markdown
Contributor

@0x46616c6b 0x46616c6b commented Apr 7, 2026

Type of Change

  • Bugfix
  • Enhancement / new feature
  • Refactoring
  • Documentation

Description

Follow-up to #59. The reusable release drafter workflow (template_release_drafter.yml) internally requests pull-requests: read to read PR data for generating release notes. Without this permission granted by the caller, the nested job is denied access:

Error calling workflow 'Staffbase/gha-workflows/...template_release_drafter.yml'.
The nested job 'update_release_draft' is requesting 'pull-requests: read',
but is only allowed 'pull-requests: none'.

This adds pull-requests: read to the permissions block in release.yml.

Checklist

  • Write tests
  • Make sure all tests pass
  • Update documentation
  • Review the Contributing Guideline and sign CLA
  • Reference relevant issue(s) and close them after merging

The changes and the PR were generated by OpenCode.

@0x46616c6b
fix: add pull-requests: read permission to release workflow
49e7e5a 
The reusable release drafter workflow requests pull-requests: read
internally to read PR data for generating release notes. Without this
permission in the caller, the nested job is denied access.

Co-Authored-By: OpenCode <[email protected]>
@0x46616c6b 0x46616c6b marked this pull request as ready for review April 7, 2026 12:28
@0x46616c6b 0x46616c6b requested a review from a team as a code owner April 7, 2026 12:28
@0x46616c6b 0x46616c6b merged commit 8767e3d into main Apr 7, 2026
10 checks passed
@0x46616c6b 0x46616c6b deleted the fix/release-workflow-permissions branch April 7, 2026 12:29
@github-actions github-actions bot locked and limited conversation to collaborators Apr 7, 2026
@0x46616c6b 0x46616c6b added the bug Something isn't working label Apr 7, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@weizenspreu weizenspreu Awaiting requested review from weizenspreu weizenspreu is a code owner automatically assigned from Staffbase/civilization

@timdittler timdittler Awaiting requested review from timdittler timdittler is a code owner automatically assigned from Staffbase/civilization

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@0x46616c6b