Skip to content

fix: grant write permissions and use @main in claude workflow#950

Merged
ashwin-ant merged 1 commit intomainfrom
ashwin/commit-signing-workflow
Feb 15, 2026
Merged

fix: grant write permissions and use @main in claude workflow#950
ashwin-ant merged 1 commit intomainfrom
ashwin/commit-signing-workflow

Conversation

@ashwin-ant
Copy link
Collaborator

@ashwin-ant ashwin-ant commented Feb 15, 2026
edited
Loading

Switch workflow permissions from read to write for contents, pull-requests, and issues so that the OIDC app token can push commits via git CLI.

Also points the workflow to @main instead of @v1.

claude[bot]
claude bot reviewed Feb 15, 2026
View reviewed changes
.github/workflows/claude.yml
- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@v1
uses: anthropics/claude-code-action@main
Copy link
Contributor

@claude claude bot Feb 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Since this is intentionally tracking main for dogfooding (rather than an oversight), a brief comment would help future contributors understand the intent and avoid "fixing" it back to a release tag:

Suggested change
uses: anthropics/claude-code-action@main
uses: anthropics/claude-code-action@main # dogfood latest changes

@claude
Copy link
Contributor

claude bot commented Feb 15, 2026

Clean, well-motivated fix. The PR description does a good job explaining the root cause (actions/checkout includeIf config approach breaking the git config --unset-all credential cleanup) and why API commit signing is the right solution -- it sidesteps the git CLI credential issue entirely.

Summary:

  • use_commit_signing: true -- net positive, both as a fix for the credential race and as a security improvement (signed commits).
  • @main pinning -- reasonable for dogfooding your own action. Left a minor suggestion to add a comment clarifying the intent.

No concerns with performance, test coverage, or documentation. Looks good.

@ashwin-ant ashwin-ant enabled auto-merge (squash) February 15, 2026 22:56
@ashwin-ant ashwin-ant disabled auto-merge February 15, 2026 23:04
@ashwin-ant
fix: grant write permissions and use @main in claude workflow
3822203 
Give the workflow contents/pull-requests/issues write permissions so
the OIDC app token can push. Also point to @main instead of @v1.
@ashwin-ant ashwin-ant force-pushed the ashwin/commit-signing-workflow branch from 3ad648a to 3822203 Compare February 15, 2026 23:04
@ashwin-ant ashwin-ant enabled auto-merge (squash) February 15, 2026 23:04
@ashwin-ant ashwin-ant changed the title fix: use commit signing and @main in claude workflow fix: grant write permissions and use @main in claude workflow Feb 15, 2026
@ashwin-ant ashwin-ant merged commit f6a1c4c into main Feb 15, 2026
36 checks passed
@ashwin-ant ashwin-ant deleted the ashwin/commit-signing-workflow branch February 15, 2026 23:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@chrislloyd chrislloyd chrislloyd approved these changes

Assignees

No one assigned

Labels

claude-code-assisted

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ashwin-ant @chrislloyd