Skip to content

fix(ci): add contents:write permission to release crates job#77

Merged
Marc-André Moreau (mamoreau-devolutions) merged 1 commit intomasterfrom
fix/release-crates-permissions
Feb 10, 2026
Merged

fix(ci): add contents:write permission to release crates job#77
Marc-André Moreau (mamoreau-devolutions) merged 1 commit intomasterfrom
fix/release-crates-permissions

Conversation

@irvingoujAtDevolution
Copy link
Copy Markdown
Contributor

@irvingoujAtDevolution irvingouj@Devolutions (irvingoujAtDevolution) commented Feb 10, 2026

Summary

  • The release job in release-crates.yml sets job-level permissions with only id-token: write, which overrides the workflow-level permissions entirely (including contents: write)
  • This caused release-plz to fail with 403 Forbidden when trying to create git tags via https://api.github.com/repos/Devolutions/cadeau/git/tags
  • Adds contents: write to the release job's permissions so tags can be created

Test plan

  • Re-run the "Release crates" workflow after merge and verify the git tag is created successfully

🤖 Generated with Claude Code

@irvingoujAtDevolution @claude
fix(ci): add contents:write permission to release crates job
b28cce0 
The release job overrides workflow-level permissions with job-level
permissions, which resets contents to read-only. This caused release-plz
to fail with 403 when creating git tags via the GitHub API.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@irvingoujAtDevolution @mamoreau-devolutions