Conversation
…internal repos The reusable workflow uses amannn/action-semantic-pull-request, which calls the GitHub REST API to fetch the PR title. Without an explicit permissions block, the workflow inherits the caller's default GITHUB_TOKEN scopes (Contents/Metadata/Packages: read). Public repos return PR data without pull-requests scope, but internal/private repos require pull-requests:read, so the action returns 403 Resource not accessible by integration. Adding pull-requests:read to the job fixes all callers in one place. SDK-2331
jsonbailey
approved these changes
May 7, 2026
This was referenced May 8, 2026
Merged
Merged
Merged
Merged
Merged
Merged
Merged
ci: grant pull-requests:read so lint-pr-title workflow starts
launchdarkly/openfeature-php-server#24
Merged
Merged
Merged
kinyoklion
added a commit
to launchdarkly/python-server-sdk-otel
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants — since this caller had no `permissions` block, every run now hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: GitHub Actions workflow-only change that widens permissions minimally to allow the reusable lint job to start; no runtime/product code is affected. > > **Overview** > Updates `.github/workflows/lint-pr-title.yml` to explicitly grant `permissions: pull-requests: read` at the workflow level. > > This aligns the caller workflow’s permissions with the reusable `launchdarkly/gh-actions` lint workflow requirements, preventing `startup_failure` when the job runs. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9153434. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/python-eventsource
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only permission change that does not affect product code. Main impact is whether the CI workflow can start and read PR metadata. > > **Overview** > Adds an explicit workflow-level `permissions: pull-requests: read` to `.github/workflows/lint-pr-title.yml` so the reusable `lint-pr-title` workflow can access PR metadata and avoid `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit ef319c9. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/js-sdk-common
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` check on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that adjusts GitHub Actions permissions and does not affect product code or runtime behavior. > > **Overview** > Ensures the `Lint PR title` workflow can run by explicitly granting **read** access to pull request metadata via `permissions: pull-requests: read` at the workflow level. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit d9c3474. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/dotnet-logging-adapter-nlog
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (in launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so callers without an explicit `permissions` block now cause a `startup_failure`. This adds the minimum required permission to fix it. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes - No product code is affected — workflow-only change. - `php-server-sdk-otel` was not included in this rollout due to a push permission issue; it may need to be addressed separately. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that only adjusts GitHub Actions permissions to fix a startup failure; no product/runtime code is affected. > > **Overview** > Fixes the `Lint PR title` GitHub Actions workflow startup by adding an explicit workflow-level `permissions: pull-requests: read`, allowing the referenced reusable workflow to run under `pull_request_target` without `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 4d56848. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/node-client-sdk
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that only broadens permissions to read PR metadata for the title linter. > > **Overview** > Fixes PR title linting runs that were failing at startup by adding a workflow-level `permissions: pull-requests: read` to `.github/workflows/lint-pr-title.yml`, allowing the called reusable workflow to request the permissions it needs. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 218b4ce. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/openfeature-php-server
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only change that adds minimal `pull-requests: read` permission to allow the reusable PR-title linter workflow to start successfully. > > **Overview** > Ensures the `Lint PR title` GitHub Actions workflow can run by explicitly granting `pull-requests: read` permissions at the workflow level in `.github/workflows/lint-pr-title.yml`, matching the permissions required by the reused `launchdarkly/gh-actions` workflow. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 3fba275. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/python-server-sdk-ai
that referenced
this pull request
May 8, 2026
**Requirements** - [x] I have added test coverage for new or changed functionality — N/A (CI workflow change only) - [x] I have followed the repository's [pull request submission guidelines](../blob/main/CONTRIBUTING.md#submitting-pull-requests) - [x] I have validated my changes against all supported platform versions — N/A (CI workflow change only) **Related issues** - Same fix as [launchdarkly/sdk-meta#429](launchdarkly/sdk-meta#429) - Root cause: [launchdarkly/gh-actions#86](launchdarkly/gh-actions#86) added `permissions: pull-requests: read` at the job level inside the reusable workflow **Describe the solution you've provided** Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. A reusable workflow can only request a subset of the permissions the caller has granted. Since this caller had no `permissions` block, the reusable workflow's permission request could not be satisfied, causing every run to hit `startup_failure`. **Describe alternatives you've considered** The permission could be reverted in the reusable workflow instead, but that would remove a security improvement (least-privilege scoping) across all consumers. **Additional context** No product code is changed. The only verification needed is that the `Lint PR title` check on this PR itself passes rather than hitting `startup_failure`. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk CI-only change that only adjusts workflow permissions to fix a startup failure; no product code or data handling is affected. > > **Overview** > Fixes `Lint PR title` workflow startup failures by adding an explicit workflow-level `permissions: pull-requests: read`, allowing the called reusable workflow to request PR read access. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 1e52be0. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/erlang-server-sdk
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml` was updated ([gh-actions#86](launchdarkly/gh-actions#86)) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as [sdk-meta#429](launchdarkly/sdk-meta#429). ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR succeeds (exits `success` rather than `startup_failure`) ### Notes No product code is changed — this is a workflow-only permissions fix. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only change that just adds explicit `pull-requests: read` permissions to allow the reusable lint workflow to start. > > **Overview** > Fixes the `Lint PR title` GitHub Action by explicitly granting **workflow-level** `permissions: pull-requests: read`, so the reusable `launchdarkly/gh-actions` lint workflow can request the needed permission and avoid `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9862c80. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/sse-contract-tests
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated ([gh-actions#86](launchdarkly/gh-actions#86)) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants — without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as [sdk-meta#429](launchdarkly/sdk-meta#429). ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix. Only `pull-requests: read` is granted, matching the minimum scope the reusable workflow requires. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only permission tweak that grants minimal read access and doesn’t affect product code or runtime behavior. > > **Overview** > Adds an explicit workflow-level `permissions: pull-requests: read` to `.github/workflows/lint-pr-title.yml` so the reused `launchdarkly/gh-actions` PR-title linter can start successfully under `pull_request_target`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 884563f. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/rust-server-sdk-evaluation
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated in [gh-actions#86](launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants. Since this caller had no `permissions` block, the reusable workflow's permission request cannot be satisfied, causing every run to hit `startup_failure`. Same fix as [sdk-meta#429](launchdarkly/sdk-meta#429), applied across SDK repositories. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix. Only `pull-requests: read` is granted, matching the minimum scope the reusable workflow requires. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Workflow-only change that minimally expands GitHub token scope to `pull-requests: read` so the reusable lint workflow can start; no product/runtime code paths are affected. > > **Overview** > Fixes `Lint PR title` runs failing at startup by granting the workflow `permissions: pull-requests: read`, allowing the called reusable workflow to obtain the required PR read access. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 32ed3c7. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/php-server-sdk-redis-predis
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants — without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix. This same change is being applied across all SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only change that only broadens read access to PR metadata and does not affect product code or deployments. > > **Overview** > Adds an explicit workflow-level `permissions: pull-requests: read` to `.github/workflows/lint-pr-title.yml` so the reusable `launchdarkly/gh-actions` PR-title lint workflow has the minimum required access and no longer fails at startup. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 269c350. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/ruby-eventsource
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, every run now hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that broadens permissions slightly to allow the lint job to run; no product/runtime code is affected. > > **Overview** > Fixes `Lint PR title` workflow startup failures by explicitly granting **workflow-level** `permissions: pull-requests: read`, enabling the referenced reusable workflow to execute. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 1992dae. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/openfeature-java-server
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` check on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: only adjusts GitHub Actions workflow permissions and does not touch product code. The main impact is whether the PR-title lint job can start and access PR metadata as intended. > > **Overview** > Updates the `Lint PR title` GitHub Actions workflow to explicitly grant `pull-requests: read` permissions at the workflow level. > > This aligns caller permissions with the reusable `launchdarkly/gh-actions` lint workflow so runs don’t fail at startup due to insufficient PR access. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 769ec7c. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/haskell-server-sdk
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (in launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix. This identical change is being applied across all SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that adjusts GitHub Actions permissions so the reusable `lint-pr-title` job can start successfully. > > **Overview** > Updates the `Lint PR title` GitHub Actions workflow to explicitly grant `pull-requests: read` permissions at the workflow level, allowing the reusable `lint-pr-title` workflow to run without `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 4f9ecd5. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/ruby-server-sdk-otel
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated in launchdarkly/gh-actions#86 to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants — without an explicit `permissions` block here, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` check on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only permissions change that enables the reusable PR-title linter to start; no product/runtime code is affected. > > **Overview** > Adds a workflow-level `permissions: pull-requests: read` to `.github/workflows/lint-pr-title.yml` so the reusable `lint-pr-title` workflow can run without `startup_failure` on `pull_request_target` events. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 8b8a7e1. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/openfeature-ruby-server
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: this only adjusts GitHub Actions workflow permissions and does not touch product code. The main impact is on CI behavior (enabling the reusable lint workflow to start successfully). > > **Overview** > Updates the `Lint PR title` GitHub Actions workflow to explicitly grant `pull-requests: read` permissions at the workflow level so the reusable `lint-pr-title` workflow can run without `startup_failure` on `pull_request_target` events. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 3bae391. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/go-test-helpers
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (in launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix. This same change is being applied across all SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Workflow-only permission tweak to allow a reusable GitHub Action to run; no product code or data handling changes. > > **Overview** > Updates `.github/workflows/lint-pr-title.yml` to explicitly grant `pull-requests: read` permissions at the workflow level so the reusable `lint-pr-title` workflow can start successfully on `pull_request_target` events. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit ba9cc01. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/swift-eventsource
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (in [gh-actions#86](launchdarkly/gh-actions#86)) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants. Without an explicit `permissions` block in the caller, the called job fails with `startup_failure`. Same fix as [sdk-meta#429](launchdarkly/sdk-meta#429). ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix. Only `pull-requests: read` is granted, matching the minimum scope the reusable workflow requires. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that minimally expands GitHub Actions permissions to `pull-requests: read` to avoid reusable-workflow startup failures. > > **Overview** > Ensures the `Lint PR title` reusable workflow can start by explicitly granting **workflow-level** `permissions: pull-requests: read` in `.github/workflows/lint-pr-title.yml`, matching the minimum permissions required by the called workflow and preventing `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit e2c27b0. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/openfeature-dotnet-server
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` check on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only change that widens permissions minimally to allow the reusable PR-title linter to start successfully. > > **Overview** > Adds a workflow-level `permissions: pull-requests: read` to `.github/workflows/lint-pr-title.yml` so the reusable `lint-pr-title` workflow can request the permissions it needs and run successfully. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 87a5aab. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/php-server-sdk
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that only broadens read access to PR metadata to avoid job startup failures. > > **Overview** > Ensures the `Lint PR title` workflow can run by explicitly granting **`pull-requests: read`** at the workflow level, aligning caller permissions with the reusable `launchdarkly/gh-actions` lint workflow requirements. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 515ac6d. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/js-client-sdk
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix applied across SDK repos. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that widens GitHub Actions permissions slightly to allow the reusable PR title lint workflow to start successfully. > > **Overview** > Fixes the `Lint PR title` GitHub Actions workflow failing to start by explicitly granting **workflow-level** `permissions: pull-requests: read` for the `pull_request_target` trigger. > > This allows the reused `launchdarkly/gh-actions` lint workflow to request the needed PR read scope and run without `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 622e8fc. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/ruby-server-sdk
that referenced
this pull request
May 8, 2026
**Requirements** - [x] I have added test coverage for new or changed functionality — N/A (CI workflow change only) - [x] I have followed the repository's [pull request submission guidelines](../blob/main/CONTRIBUTING.md#submitting-pull-requests) - [x] I have validated my changes against all supported platform versions — N/A (CI workflow change only) **Related issues** - Root cause: [launchdarkly/gh-actions#86](launchdarkly/gh-actions#86) added `permissions: pull-requests: read` at the job level inside the reusable lint-pr-title workflow - Same fix as [launchdarkly/sdk-meta#429](launchdarkly/sdk-meta#429) **Describe the solution you've provided** Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. A reusable workflow can only request a subset of the permissions the caller has granted. Since this caller had no `permissions` block, the reusable workflow's `pull-requests: read` request could not be satisfied, causing every run to hit `startup_failure`. **Describe alternatives you've considered** Reverting the permission change in the reusable workflow, but that would remove a security improvement (least-privilege scoping) across all consumers. **Additional context** No product code is changed. The `Lint PR title` check on this PR itself should exit `success` rather than `startup_failure`, confirming the fix. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk CI-only change that adjusts GitHub Actions permissions; it could only affect whether the PR title lint workflow is able to start/run. > > **Overview** > Fixes the `Lint PR title` GitHub Actions workflow failing to start by explicitly granting `pull-requests: read` at the workflow level, ensuring the called reusable workflow can request PR read access. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9f914f0. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/roku-client-sdk
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants — without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429, applied across SDK repositories. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix. Only `pull-requests: read` is granted, matching the minimum scope the reusable workflow requires. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that broadens GitHub token permissions slightly (to `pull-requests: read`) to avoid reusable workflow startup failures. > > **Overview** > Updates the `Lint PR title` GitHub Actions workflow to explicitly grant `pull-requests: read` permissions at the workflow level so the reused `launchdarkly/gh-actions` lint workflow can start and access PR metadata without `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit dd7b50a. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/openfeature-python-server
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated in launchdarkly/gh-actions#86 to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only permission change to allow the reusable `lint-pr-title` workflow to start; no product code or runtime behavior is affected. > > **Overview** > Ensures the `Lint PR title` GitHub Actions workflow can run by explicitly granting `permissions: pull-requests: read` at the workflow level when invoking the reusable `launchdarkly/gh-actions` workflow. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit a45b9df. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/rust-server-sdk
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants. Without an explicit `permissions` block in the caller, the called job fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` check on this PR exits `success` rather than `startup_failure` - [ ] Confirm only `pull-requests: read` is granted — no broader permissions added ### Notes No product code is changed. This is part of a batch fix across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk change confined to GitHub Actions permissions, granting only read access to pull requests to fix a workflow startup failure. > > **Overview** > Ensures the `Lint PR title` GitHub Actions workflow can run by explicitly granting **`pull-requests: read`** at the workflow level in `.github/workflows/lint-pr-title.yml`, matching the permissions required by the referenced reusable workflow. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit d7f5029. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/haskell-server-sdk-redis-hedis
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated ([gh-actions#86](launchdarkly/gh-actions#86)) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as [sdk-meta#429](launchdarkly/sdk-meta#429). ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix applied across SDK repos. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: workflow-only permission change to allow the reusable PR-title lint job to start; no product code or runtime behavior is affected. > > **Overview** > Adds an explicit workflow-level `permissions: pull-requests: read` to `.github/workflows/lint-pr-title.yml` so the reusable `lint-pr-title` workflow can run under `pull_request_target` without `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 105ff1f. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/ld-relay-helm
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, the workflow fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix applied across SDK repos. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that only expands read access to PR metadata for this job. > > **Overview** > Adds a workflow-level `permissions: pull-requests: read` block to `.github/workflows/lint-pr-title.yml` so the called reusable `lint-pr-title` workflow has the minimum permissions it needs to run without `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 978d0d2. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/php-server-sdk-dynamodb
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` was updated (launchdarkly/gh-actions#86) to declare `permissions: pull-requests: read` at the job level. A reusable workflow can only request a subset of the permissions the caller grants, so without an explicit `permissions` block in the caller, every run hits `startup_failure`. Same fix as launchdarkly/sdk-meta#429. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR exits `success` rather than `startup_failure` ### Notes No product code is changed — workflow-only permissions fix being applied across SDK repos that use the reusable `lint-pr-title` workflow. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk because it only adjusts GitHub Actions workflow permissions and does not change product code or runtime behavior. > > **Overview** > Adds a workflow-level `permissions: pull-requests: read` to `.github/workflows/lint-pr-title.yml` so the reusable `lint-pr-title` workflow can access PR metadata and avoid `startup_failure`. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 91451ed. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
kinyoklion
added a commit
to launchdarkly/android-client-sdk
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml` now declares `permissions: pull-requests: read` at the job level (per launchdarkly/gh-actions#86), and a reusable workflow can only request a subset of permissions the caller grants. Without an explicit `permissions` block in the caller, the called job fails with `startup_failure`. Same fix as launchdarkly/sdk-meta#429, applied across SDK repositories. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` workflow run on this PR completes successfully (no `startup_failure`) ### Notes This is part of a batch fix applied to all SDK repos that use the reusable `lint-pr-title` workflow. No application code is changed. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow-only change that only adjusts GitHub Actions permissions and does not affect application code. > > **Overview** > Ensures the reusable `lint-pr-title` workflow can run on `pull_request_target` events by explicitly adding **workflow-level** `permissions: pull-requests: read`, preventing `startup_failure` due to insufficient caller permissions. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 5645129. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kinyoklion
added a commit
to launchdarkly/dotnet-core
that referenced
this pull request
May 8, 2026
## Summary Adds `permissions: pull-requests: read` at the workflow level in `.github/workflows/lint-pr-title.yml`. The reusable workflow at `launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main` now declares `pull-requests: read` at the job level (via launchdarkly/gh-actions#86). A reusable workflow can only request a subset of the caller's granted permissions, so without an explicit `permissions` block here, the called job fails to start (`startup_failure`). Same fix as launchdarkly/sdk-meta#429, applied across SDK repositories. ## Review & Testing Checklist for Human - [ ] Verify the `Lint PR title` check on this PR exits `success` rather than `startup_failure` ### Notes - `launchdarkly/php-server-sdk-otel` could not be updated due to a push permission issue (403) and will need to be fixed separately. Link to Devin session: https://app.devin.ai/sessions/c7b96da5c9074500aa684bc9a9ba1c31 Requested by: @kinyoklion <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk workflow permission tweak; it only expands the action’s read access to PR metadata and doesn’t affect application code or deployments. > > **Overview** > Ensures the `Lint PR title` reusable workflow can run by explicitly granting **workflow-level** `permissions: pull-requests: read` in `.github/workflows/lint-pr-title.yml`, avoiding `startup_failure` when the called workflow requests PR read access. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 484a4bf. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The reusable workflow at
.github/workflows/lint-pr-title.ymlfails on internal/private LaunchDarkly repos with##[error]Resource not accessible by integration(HTTP 403).amannn/action-semantic-pull-requestcalls the GitHub REST API to fetch the PR title. Because the reusable workflow declares nopermissions:block, it inherits the caller's defaultGITHUB_TOKENscopes (Contents/Metadata/Packages: read). Public repos return PR data withoutpull-requestsscope, but internal/private repos requirepull-requests: read, so the action 403s.This adds
permissions: pull-requests: readto themainjob, fixing all callers in one place.