
fix: add contents:write permission to workflows with git push operations #31


Draft
wants to merge 2 commits into
base: main


@Copilot Copilot AI commented Jul 18, 2025

This PR fixes minimum token permissions for GitHub Actions workflows that perform git push operations by adding the required contents: write permission.

Changes Made

1. .github/workflows/release-please.yml

  • Added contents: write # required for pushing changes to job-level permissions
  • Required for the git push operation on line 62 that pushes package-lock.json updates

2. .github/workflows/update-otel-deps.yaml

  • Added new permissions section with contents: write # required for pushing changes
  • Required for two git push operations:
    • Line 31: git push origin main --force (sync with upstream)
    • Line 50: git push --set-upstream origin feat/update-otel-deps --force (push feature branch)

Technical Details

Both workflows previously had contents: read at the global level, but GitHub Actions requires contents: write permission specifically for jobs that perform git push operations. The changes:

  • Add job-level permissions that override the global contents: read
  • Maintain existing permissions (e.g., id-token: write in release-please.yml)
  • Include the required trailing comment as specified in the issue

Verification

  • ✅ Found exactly 2 workflows with git push operations
  • ✅ Both workflows now have proper contents: write permissions
  • ✅ YAML syntax validated for both files
  • ✅ Minimal changes: 3 lines added, 0 deleted

Fixes #30.



@Copilot Copilot AI changed the title from "[WIP] Fix minimum token permissions if needed" to "fix: add contents:write permission to workflows with git push operations" Jul 18, 2025
@Copilot Copilot AI requested a review from trask July 18, 2025 16:08
Copilot finished work on behalf of trask July 18, 2025 16:08
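
The check the PR description relies on (find jobs that run git push, then confirm the effective contents scope is write) can be sketched as follows. This is an added example, not code from the PR or the repository; the function names and the sample workflow are hypothetical, and the line-based scan assumes block-style YAML with two-space indentation.

```python
import re
# Constructed sample workflow (not a file from the PR's repository).
SAMPLE = """\
permissions:
  contents: read
jobs:
  sync:
    steps:
      - run: git push origin main --force
  release:
    permissions:
      contents: write # required for pushing changes
      id-token: write
    steps:
      - run: git push
"""

def _block(lines, key, indent):
    """Lines nested under `key:` at `indent`, or None if the key is absent."""
    out = None
    for line in lines:
        cur = len(line) - len(line.lstrip())
        if out is None:
            if cur == indent and re.match(rf"\s*{re.escape(key)}:\s*(#.*)?$", line):
                out = []
        elif cur > indent:
            out.append(line)
        else:
            break
    return out

def _contents(lines, indent):
    """contents scope of the permissions block at `indent`; None if no block."""
    if (block := _block(lines, "permissions", indent)) is None:
        return None
    m = re.search(r"^\s*contents:\s*([\w-]+)", "\n".join(block), re.M)
    return m.group(1) if m else "none"  # scopes a block omits become none

def pushing_jobs_without_write(text):
    """(job, effective contents scope) for jobs that git push without write."""
    lines = [l for l in text.splitlines() if l.strip()]
    top, jobs, findings = _contents(lines, 0), _block(lines, "jobs", 0) or [], []
    for name in re.findall(r"^  ([\w-]+):[ \t]*$", "\n".join(jobs), re.M):  # 2-space indent assumed
        body = _block(jobs, name, 2)
        if not re.search(r"\bgit\s+push\b", "\n".join(body)):
            continue
        scope = _contents(body, 4) or top  # a job-level block replaces the top-level one
        if scope != "write":
            findings.append((name, scope))
    return findings
```

On the sample, only `sync` is reported, with the inherited scope `read`. A job-level block that lists only `id-token: write` is reported with scope `none`, which is why existing permissions have to be restated when a job-level block is added.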