Skip to content

chore: add explicit permissions to release-please workflow#31

Merged
kinyoklion merged 1 commit into
v3from
devin/1774468964-add-release-please-permissions
Mar 25, 2026
Merged

chore: add explicit permissions to release-please workflow#31
kinyoklion merged 1 commit into
v3from
devin/1774468964-add-release-please-permissions

Conversation

@kinyoklion
Copy link
Copy Markdown
Member

@kinyoklion kinyoklion commented Mar 25, 2026
edited by cursor Bot
Loading

Requirements

  • I have added test coverage for new or changed functionality
  • I have followed the repository's pull request submission guidelines
  • I have validated my changes against all supported platform versions

Related issues

N/A — this is a permissions fix identified during an audit of all launchdarkly-sdk-tagged repositories.

Describe the solution you've provided

Adds explicit contents: write and pull-requests: write permissions to the release-please job in the release-please workflow. Without these, the release-please action may not have sufficient permissions to create release PRs or GitHub releases when the repository or org uses restrictive default token permissions.

Describe alternatives you've considered

Setting default permissions at the workflow level (permissions: at the top) was considered, but job-level permissions are more precise and avoid granting unnecessary access to other jobs in the same workflow.

Additional context

This was identified as part of an audit of all non-archived repos with the launchdarkly-sdk topic. The release-please job had no explicit permissions block, relying on default token permissions which may not include pull-requests: write.

Human review checklist:

  • Confirm the permissions are applied to the correct job (release-please)
  • Confirm no other jobs in the workflow are affected

Link to Devin session: https://app.devin.ai/sessions/a83b6e4f4fa14b96b859cfb50755a2c1
Requested by: @kinyoklion

Note

Low Risk
Low risk: workflow-only change that grants release-please the minimal write permissions needed to open release PRs and create releases, without affecting application code.

Overview
Adds an explicit permissions block to the release-please GitHub Actions job, granting contents: write and pull-requests: write so the release-please action can create release PRs and publish releases under restrictive default token settings.

Written by Cursor Bugbot for commit 927b063. This will update automatically on new commits. Configure here.

@devin-ai-integration
Copy link
Copy Markdown
Contributor

devin-ai-integration Bot commented Mar 25, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@kinyoklion kinyoklion marked this pull request as ready for review March 25, 2026 20:19
@kinyoklion kinyoklion requested a review from a team as a code owner March 25, 2026 20:19
@kinyoklion kinyoklion merged commit 28a04b2 into v3 Mar 25, 2026
11 of 12 checks passed
@kinyoklion kinyoklion deleted the devin/1774468964-add-release-please-permissions branch March 25, 2026 20:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joker23 joker23 joker23 approved these changes

Assignees

@kinyoklion kinyoklion

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kinyoklion @joker23