From ac31c164ccc7ab78324f3895e6698689daaf93e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Fri, 24 Apr 2026 18:48:04 -0300 Subject: [PATCH 1/2] fix: grant changelog workflow project permissions --- CHANGELOG.md | 4 ++++ docs/advanced/branch-protection-and-bot-commits.rst | 5 ++++- resources/github-actions/changelog.yml | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 414393356b..3e10671a2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed + +- Grant project-board write permission in the packaged changelog workflow wrapper so consumer release workflows can call the reusable changelog automation without GitHub rejecting the requested permissions (#251) + ## [1.22.0] - 2026-04-24 ### Added diff --git a/docs/advanced/branch-protection-and-bot-commits.rst b/docs/advanced/branch-protection-and-bot-commits.rst index 0d41fbe8b0..5085b64146 100644 --- a/docs/advanced/branch-protection-and-bot-commits.rst +++ b/docs/advanced/branch-protection-and-bot-commits.rst @@ -177,7 +177,10 @@ To enable reusable project automation in consumer repositories, pass ``project`` through the thin ``workflow_call`` wrapper or configure the repository variable ``PROJECT`` so the workflow can resolve the target GitHub Project without hardcoding repository-specific board identifiers into the -packaged workflow itself. The workflow derives the owner from +packaged workflow itself. Consumer wrappers that call reusable workflows with +project-board release transitions MUST also grant ``repository-projects: write`` +at the caller level; otherwise GitHub rejects the workflow before the release +automation starts. The workflow derives the owner from ``github.repository_owner`` and uses the built-in workflow token for the actual project mutations. Inside ``php-fast-forward`` repositories, the reusable workflow MAY fall back to the first organization Project V2 when no explicit diff --git a/resources/github-actions/changelog.yml b/resources/github-actions/changelog.yml index 2490ecb028..bf4568b1e2 100644 --- a/resources/github-actions/changelog.yml +++ b/resources/github-actions/changelog.yml @@ -31,6 +31,7 @@ on: permissions: contents: write pull-requests: write + repository-projects: write jobs: changelog: From e244cbd0e13fd01450e41b8dcfc51376d2fbfc31 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 24 Apr 2026 21:49:50 +0000 Subject: [PATCH 2/2] Update wiki submodule pointer for PR #252 --- .github/wiki | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/wiki b/.github/wiki index 6248aa1cd3..65a96e6fa9 160000 --- a/.github/wiki +++ b/.github/wiki @@ -1 +1 @@ -Subproject commit 6248aa1cd359641141ba617e7b1f9e3f71034797 +Subproject commit 65a96e6fa9dd94c6afdb55c33027abde71286b20