@arnavk23
Collaborator

@arnavk23 arnavk23 commented Dec 9, 2025

- Users were adding explicit permissions: blocks to their TagBot workflows (often copying from outdated examples).
- This caused 403 errors when TagBot tried to create releases, even with contents: write permission.
- The root cause was that GitHub's permission model changed, and explicit permissions override the default token permissions in a way that breaks TagBot.
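
The troubleshooting check this PR documents (look for an explicit permissions: block in the TagBot workflow), written as an added example that is not part of the PR or of TagBot's own code. It assumes the action is referenced as JuliaRegistries/TagBot@<ref>; the function name is hypothetical and the sample workflow is constructed.

```python
import re

# Assumption: the workflow references the action as JuliaRegistries/TagBot@<ref>.
TAGBOT_USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?JuliaRegistries/TagBot@", re.I)
# A "permissions:" mapping key at any indentation (commented-out keys do not match).
PERMISSIONS_KEY = re.compile(r"^(\s*)permissions\s*:")


def find_explicit_permissions(workflow_text):
    """Return [(line_no, scope, text)] for permissions: keys in a TagBot workflow.

    scope is "workflow" for a top-level key and "job" for an indented one.
    Workflows that do not use TagBot return []. This is a line scan, not a
    YAML parse, so a key named permissions nested elsewhere is also reported.
    """
    lines = workflow_text.splitlines()
    if not any(TAGBOT_USES.match(line) for line in lines):
        return []
    findings = []
    for no, line in enumerate(lines, 1):
        m = PERMISSIONS_KEY.match(line)
        if m:
            scope = "workflow" if m.group(1) == "" else "job"
            findings.append((no, scope, line.strip()))
    return findings


# Constructed sample: a TagBot workflow carrying the explicit block the PR warns about.
WITH_BLOCK = """\
name: TagBot
on:
  issue_comment:
    types: [created]
  workflow_dispatch:
permissions:
  contents: write
jobs:
  TagBot:
    runs-on: ubuntu-latest
    steps:
      - uses: JuliaRegistries/TagBot@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
"""
# The same workflow with the block removed, as the updated docs advise.
WITHOUT_BLOCK = WITH_BLOCK.replace("permissions:\n  contents: write\n", "")

if __name__ == "__main__":
    for name, text in (("with block", WITH_BLOCK), ("without block", WITHOUT_BLOCK)):
        print(name, find_explicit_permissions(text))
```
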

arnavk23 and others added 6 commits December 8, 2025 10:20
Add _check_rate_limit() method to query GitHub API rate limit status
and log remaining/limit/reset information when 403 errors are encountered.
This helps distinguish between rate limiting and permission issues.
…#315)

TagBot now normalizes UUIDs to lowercase when looking them up in the
registry, matching the registry's behavior. This fixes the issue where
packages with uppercase UUIDs were being ignored by TagBot.

- Normalize UUID in _registry_path property
- Normalize UUID in _registry_pr method
- Add test for uppercase UUID handling
…ks TagBot

- Add IMPORTANT callout in Setup section warning against adding explicit
  permissions: block to TagBot workflow
- Update troubleshooting section to explicitly tell users to REMOVE any
  permissions: block if present
- Explain that default GitHub Actions token permissions are what TagBot
  needs and explicit permissions (even with contents: write) prevent
  TagBot from creating releases

This addresses issues JuliaRegistries#267 and JuliaRegistries#388 where users added explicit permissions
blocks (often from outdated examples) which caused 403 errors when TagBot
tried to create releases. The fix in PR JuliaRegistries#392 removed permissions from the
example workflow, but documentation needed to be clearer about why.
Contributor

Copilot AI left a comment


Pull request overview

This PR improves documentation to prevent TagBot workflow failures caused by users adding explicit permissions: blocks to their workflows. The changes clarify that explicit permissions (even with contents: write) override GitHub's default token permissions in a way that prevents TagBot from creating releases, which was causing 403 errors.

  • Added a prominent IMPORTANT callout in the Setup section warning against using explicit permissions
  • Updated troubleshooting guidance to prioritize removing explicit permissions blocks as the first debugging step


arnavk23 and others added 2 commits December 9, 2025 15:53
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor

Copilot AI left a comment


Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.



@arnavk23
Collaborator Author

arnavk23 commented Dec 9, 2025

@IanButterworth please review this PR. Thanks!

@IanButterworth
Member

The commits on this branch are a bit messed up. Can you reset your master branch to upstream/master and rebase this on that?

@IanButterworth IanButterworth merged commit 174d577 into JuliaRegistries:master Dec 9, 2025
2 checks passed
@arnavk23 arnavk23 deleted the fix/issue-267 branch December 9, 2025 22:55