From 3a990c1fc5f4119f5092c06db5956cbc54e9f94f Mon Sep 17 00:00:00 2001 From: Filip Hric Date: Sun, 28 Jun 2026 23:25:14 +0200 Subject: [PATCH] ci: grant issues/PR write to fix semantic-release success step The explicit permissions block restricts GITHUB_TOKEN to only the listed scopes. semantic-release's @semantic-release/github success hook comments on released issues/PRs, which needs issues:write and pull-requests:write. Without them the publish succeeds but the job exits 403 (Resource not accessible by integration). --- .github/workflows/tests.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f75e3c4..24b526c 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -4,8 +4,10 @@ jobs: cypress-run: runs-on: ubuntu-latest permissions: - contents: write # semantic-release pushes tags / GitHub release - id-token: write # required for npm trusted publishing (OIDC) + contents: write # semantic-release pushes tags / GitHub release + id-token: write # required for npm trusted publishing (OIDC) + issues: write # semantic-release comments on released issues + pull-requests: write # semantic-release comments on released PRs steps: - name: Checkout uses: actions/checkout@v4