From 04c4d83899674b0c5ec7717b9e6df1715b0d5887 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 18 Jul 2025 16:15:41 +0000
Subject: [PATCH 1/2] Initial plan
From 78099943f128548cf79e3d3662e32337c0b56f29 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 18 Jul 2025 16:21:34 +0000
Subject: [PATCH 2/2] Add contents: write permissions to workflows that perform git push
Co-authored-by: trask <218610+trask@users.noreply.github.com>
---
 .github/workflows/backport.yml | 2 ++
 .github/workflows/package-prepare-patch-release.yml | 2 ++
 .github/workflows/package-prepare-release.yml | 4 ++++
 .github/workflows/package-release.yml | 2 ++
 .github/workflows/prepare-patch-release.yml | 2 ++
 .github/workflows/prepare-release-branch.yml | 4 ++++
 6 files changed, 16 insertions(+)
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index 26789093f2..a76e5150dc 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -9,6 +9,8 @@ on:
 jobs:
 backport:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write # required for pushing changes
 steps:
 - run: |
 if [[ ! $GITHUB_REF_NAME =~ ^release/v[0-9]+\.[0-9]+\.x-0\.[0-9]+bx$ ]]; then
diff --git a/.github/workflows/package-prepare-patch-release.yml b/.github/workflows/package-prepare-patch-release.yml
index f216eada8a..46a35fd035 100644
--- a/.github/workflows/package-prepare-patch-release.yml
+++ b/.github/workflows/package-prepare-patch-release.yml
@@ -18,6 +18,8 @@ run-name: "[Package][${{ inputs.package }}] Prepare patch release"
 jobs:
 prepare-patch-release:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write # required for pushing changes
 steps:
 - uses: actions/checkout@v4
diff --git a/.github/workflows/package-prepare-release.yml b/.github/workflows/package-prepare-release.yml
index d596c4c74a..c597cca5cf 100644
--- a/.github/workflows/package-prepare-release.yml
+++ b/.github/workflows/package-prepare-release.yml
@@ -92,6 +92,8 @@ jobs:
 create-pull-request-against-release-branch:
 runs-on: ubuntu-latest
 needs: prereqs
+ permissions:
+ contents: write # required for pushing changes
 steps:
 - uses: actions/checkout@v4
@@ -147,6 +149,8 @@ jobs:
 create-pull-request-against-main:
 runs-on: ubuntu-latest
 needs: prereqs
+ permissions:
+ contents: write # required for pushing changes
 steps:
 - uses: actions/checkout@v4
diff --git a/.github/workflows/package-release.yml b/.github/workflows/package-release.yml
index f5f7bcb347..8f498807c4 100644
--- a/.github/workflows/package-release.yml
+++ b/.github/workflows/package-release.yml
@@ -17,6 +17,8 @@ run-name: "[Package][${{ inputs.package }}] Release"
 jobs:
 release:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write # required for pushing changes
 steps:
 - run: |
 if [[ $GITHUB_REF_NAME != package-release/${{ inputs.package }}* ]]; then
diff --git a/.github/workflows/prepare-patch-release.yml b/.github/workflows/prepare-patch-release.yml
index ccaffafea8..80d4f22640 100644
--- a/.github/workflows/prepare-patch-release.yml
+++ b/.github/workflows/prepare-patch-release.yml
@@ -5,6 +5,8 @@ on:
 jobs:
 prepare-patch-release:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write # required for pushing changes
 steps:
 - uses: actions/checkout@v4
diff --git a/.github/workflows/prepare-release-branch.yml b/.github/workflows/prepare-release-branch.yml
index 1d9ff92c05..034ef93d70 100644
--- a/.github/workflows/prepare-release-branch.yml
+++ b/.github/workflows/prepare-release-branch.yml
@@ -38,6 +38,8 @@ jobs:
 create-pull-request-against-release-branch:
 runs-on: ubuntu-latest
 needs: prereqs
+ permissions:
+ contents: write # required for pushing changes
 steps:
 - uses: actions/checkout@v4
@@ -120,6 +122,8 @@ jobs:
 create-pull-request-against-main:
 runs-on: ubuntu-latest
 needs: prereqs
+ permissions:
+ contents: write # required for pushing changes
 steps:
 - uses: actions/checkout@v4
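Review bot: Declaring `permissions:` on a job sets every scope that is not listed to `none` for that job's `GITHUB_TOKEN`, so `create-pull-request-against-release-branch` in package-prepare-release.yml now runs with `contents: write` and nothing else. The job name suggests a later step opens a pull request; if that step authenticates with `GITHUB_TOKEN` rather than a separate bot credential, it would also need `pull-requests: write  # required for opening the pull request` next to `contents: write`. The steps after `actions/checkout@v4` are outside the hunk, so this has to be confirmed against the full job. The same applies to `create-pull-request-against-main` in this file and to both `create-pull-request-*` jobs in prepare-release-branch.yml.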
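Review bot: In package-release.yml the `run:` step directly under the new `permissions` block expands `${{ inputs.package }}` inside the script text (`package-release/${{ inputs.package }}*`), so the input value is parsed by the shell in a job that now carries a token with `contents: write`. Pass the input through the environment instead: give the step an `env:` entry `PACKAGE: ${{ inputs.package }}` and compare against `"package-release/$PACKAGE"*`. Whether `package` is a free-form string or a constrained choice is not visible here, and the rest of the step lies outside the hunk.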