Skip to content

Comments

Adjust CodeRabbit permissions to write pull_request#234

Merged
tpantelis merged 1 commit intosubmariner-io:develfrom
tpantelis:cr_pr_write
Dec 12, 2025
Merged

Adjust CodeRabbit permissions to write pull_request#234
tpantelis merged 1 commit intosubmariner-io:develfrom
tpantelis:cr_pr_write

Conversation

@tpantelis
Copy link
Contributor

@tpantelis tpantelis commented Dec 12, 2025

Summary by CodeRabbit

Release Notes

No user-visible changes in this release. This update includes internal infrastructure adjustments to CI/CD workflows.

✏️ Tip: You can customize this high-level summary in your review settings.

Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
@submariner-bot
Copy link

🤖 Created branch: z_pr234/tpantelis/cr_pr_write

@coderabbitai
Copy link

coderabbitai bot commented Dec 12, 2025

Walkthrough

A GitHub Actions workflow permission was updated in .github/workflows/coderabbit-trigger.yml, changing from issues: write to pull-requests: write. No control flow or workflow steps were modified.

Changes

Cohort / File(s) Summary
GitHub Actions Workflow Configuration
.github/workflows/coderabbit-trigger.yml
Updated workflow permissions from issues: write to pull-requests: write

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested reviewers

  • skitt
  • sridhargaddam
  • Oats87

Pre-merge checks

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 inconclusive)
Check name Status Explanation Resolution
Actionable Comments Resolved ❓ Inconclusive No specific actionable comments from pull request reviews are documented in the provided context. Provide complete list of review comments and their resolution status to verify if all actionable comments have been addressed.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly and accurately describes the main change: adjusting CodeRabbit workflow permissions from 'issues: write' to 'pull-requests: write'.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 603be0f and d9bd14f.

📒 Files selected for processing (1)
  • .github/workflows/coderabbit-trigger.yml (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: tpantelis
Repo: submariner-io/submariner-bot PR: 0
File: :0-0
Timestamp: 2025-12-12T18:37:30.901Z
Learning: GitHub Actions workflows triggered by bot PRs (Dependabot, submariner-bot) using the `pull_request` trigger always receive a read-only GITHUB_TOKEN, regardless of permissions set in the workflow. To enable write permissions for bot PRs, use `pull_request_target` instead, which runs in the base branch context with full permissions. This is safe when the workflow only performs API actions without checking out or executing PR code.
📚 Learning: 2025-12-12T18:37:30.901Z
Learnt from: tpantelis
Repo: submariner-io/submariner-bot PR: 0
File: :0-0
Timestamp: 2025-12-12T18:37:30.901Z
Learning: GitHub Actions workflows triggered by bot PRs (Dependabot, submariner-bot) using the `pull_request` trigger always receive a read-only GITHUB_TOKEN, regardless of permissions set in the workflow. To enable write permissions for bot PRs, use `pull_request_target` instead, which runs in the base branch context with full permissions. This is safe when the workflow only performs API actions without checking out or executing PR code.

Applied to files:

  • .github/workflows/coderabbit-trigger.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Go
🔇 Additional comments (1)
.github/workflows/coderabbit-trigger.yml (1)

14-15: This reusable workflow is currently not invoked by any workflow in the repository.

The permission change from issues: write to pull-requests: write is semantically correct for the github.rest.issues.createComment endpoint. However, this workflow is defined as a workflow_call but is never called by any other workflow. If this workflow is intended to be invoked, ensure the calling workflow is configured appropriately for bot PRs (using pull_request_target rather than pull_request to enable write permissions).

Likely an incorrect or invalid review comment.


Comment @coderabbitai help to get the list of available commands and usage tips.

@tpantelis tpantelis merged commit 79d2c87 into submariner-io:devel Dec 12, 2025
8 checks passed
@submariner-bot
Copy link

🤖 Closed branches: [z_pr234/tpantelis/cr_pr_write]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants