fix(ci): remove restrictive permissions from bug-fix trigger workflow #2070

Merged: peppescg merged 1 commit into main from fix/bug-fix-workflow-permissions on Apr 22, 2026

@peppescg (Collaborator) commented:

Summary

  • Remove `permissions: contents: read` from `bug-fix-on-label.yml` — it was overriding the reusable workflow's permissions, causing `startup_failure` when the bug-fix agent tried to run

The reusable workflow `_bug-fix-agent.yml` defines its own permissions (`contents: write`, `pull-requests: write`, `issues: write`, `id-token: write`). The caller's restrictive permissions block was capping them.

Test plan

  • Add auto-fix label to a Bug issue and verify the workflow starts successfully

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings April 22, 2026 10:43
@peppescg peppescg self-assigned this Apr 22, 2026
The caller workflow had `permissions: contents: read` which capped the
reusable workflow's permissions, causing startup_failure. The reusable
workflow needs write access to contents, pull-requests, issues, and
id-token. These must be explicitly granted by the caller.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@peppescg peppescg force-pushed the fix/bug-fix-workflow-permissions branch from 4594907 to eb69a2d Compare April 22, 2026 10:44
Copilot AI (Contributor) left a comment:

Pull request overview

Removes a restrictive permissions block from the bug-fix-on-label workflow so the reusable bug-fix agent workflow can start without being capped by the caller’s token permissions.

Changes:

  • Removed `permissions: contents: read` from `.github/workflows/bug-fix-on-label.yml` to avoid overriding/capping permissions required by the reusable workflow.

Comment thread .github/workflows/bug-fix-on-label.yml

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

@peppescg peppescg merged commit be999a6 into main Apr 22, 2026
25 checks passed
@peppescg peppescg deleted the fix/bug-fix-workflow-permissions branch April 22, 2026 10:53
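
The capping behaviour discussed in this thread, as an added example (not the project's actual workflow files): a caller's `permissions` block sets the ceiling for the `GITHUB_TOKEN` that a reusable workflow receives, and any scope not listed under it becomes `none`. The trigger, the label condition and the job name `bug-fix` are assumptions; the file names and the four scopes come from the PR description. The second document grants the scopes on the calling job only, so any other job in the caller stays read-only.

```yaml
# Constructed example, not the project's workflow files.
# Before: .github/workflows/bug-fix-on-label.yml (caller)
# The workflow-level block is the ceiling for every job, including the
# reusable workflow call. Scopes not listed here are set to "none".
name: bug-fix-on-label
on:
  issues:
    types: [labeled]          # assumed trigger
permissions:
  contents: read              # caps the called workflow at read-only
jobs:
  bug-fix:                    # hypothetical job name
    if: github.event.label.name == 'auto-fix'   # assumed label condition
    uses: ./.github/workflows/_bug-fix-agent.yml
    # _bug-fix-agent.yml asks for contents, pull-requests, issues and
    # id-token at write level, which exceeds the ceiling, so the run
    # ends in startup_failure before any step executes.
---
# After: same caller, with the grant scoped to the one job that needs it.
name: bug-fix-on-label
on:
  issues:
    types: [labeled]          # assumed trigger
permissions:
  contents: read              # still applies to any other job in this file
jobs:
  bug-fix:                    # hypothetical job name
    if: github.event.label.name == 'auto-fix'   # assumed label condition
    permissions:              # job-level block replaces the workflow-level one
      contents: write
      pull-requests: write
      issues: write
      id-token: write
    uses: ./.github/workflows/_bug-fix-agent.yml
```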