Skip to content

fix: add contents read permission for CI validation workflow#1292

Merged
rfgamaral merged 1 commit intomainfrom
ricardo/fix-release-workflow-permissions
Apr 8, 2026
Merged

fix: add contents read permission for CI validation workflow#1292
rfgamaral merged 1 commit intomainfrom
ricardo/fix-release-workflow-permissions

Conversation

@rfgamaral
Copy link
Copy Markdown
Member

@rfgamaral rfgamaral commented Apr 8, 2026
edited
Loading

Overview

Fixes the release workflow failing because the called CI validation workflow requests contents: read, which requires the caller to grant at least that permission level. Follow-up to #1291.

PR Checklist

Test plan

The release workflow should pass after merge. This PR also doubles as the release trigger to validate the full workflow end-to-end (GitHub App token, npm publish, GitHub Packages publish, PR comments).

@netlify
Copy link
Copy Markdown

netlify bot commented Apr 8, 2026
edited
Loading

Deploy Preview for doist-typist ready!

Name Link
🔨 Latest commit b55833a
🔍 Latest deploy log https://app.netlify.com/projects/doist-typist/deploys/69d64b51d4630c00085b8ddc
😎 Deploy Preview https://deploy-preview-1292--doist-typist.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@rfgamaral rfgamaral enabled auto-merge (squash) April 8, 2026 12:34
@rfgamaral rfgamaral self-assigned this Apr 8, 2026
@rfgamaral rfgamaral added the 👀 Show PR Used for PRs that need a review, but can be merged when CI is green. label Apr 8, 2026
@rfgamaral rfgamaral requested a review from rmartins90 April 8, 2026 12:35
@rfgamaral rfgamaral merged commit d3cb224 into main Apr 8, 2026
10 checks passed
@rfgamaral rfgamaral deleted the ricardo/fix-release-workflow-permissions branch April 8, 2026 12:35
doist-release-bot bot pushed a commit that referenced this pull request Apr 8, 2026
@doistbot
chore(release): 10.0.1 [skip ci]
2da68b1 
## [10.0.1](v10.0.0...v10.0.1) (2026-04-08)

### Bug Fixes

* add contents read permission for CI validation workflow ([#1292](#1292)) ([d3cb224](d3cb224))
doistbot
doistbot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@doistbot doistbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR effectively fixes the release workflow failure by adding the required read permissions for the CI validation step, ensuring the end-to-end pipeline can execute successfully. While the fix is well-targeted, there is a minor opportunity to improve the security posture by scoping the read permission strictly to the CI validation job rather than the entire workflow, keeping the token permissions minimal for the subsequent release steps.

Share FeedbackReview Logs

@doist-release-bot
Copy link
Copy Markdown

doist-release-bot bot commented Apr 8, 2026

🎉 This PR is included in version 10.0.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@doist-release-bot doist-release-bot bot added the released Pull requests that have been released to production label Apr 8, 2026
@rfgamaral rfgamaral mentioned this pull request Apr 8, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@doistbot doistbot doistbot left review comments

@rmartins90 rmartins90 Awaiting requested review from rmartins90

Assignees

@rfgamaral rfgamaral

Labels

released Pull requests that have been released to production 👀 Show PR Used for PRs that need a review, but can be merged when CI is green.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rfgamaral @doistbot