From 778b7d50e1975a23ffa8251b4c90a3fe9fa7660b Mon Sep 17 00:00:00 2001 From: Ben Henning Date: Fri, 2 May 2025 08:05:34 -0700 Subject: [PATCH] fix: Fix conventional auto labeling (#8956) ## The basics - [x] I [validated my changes](https://developers.google.com/blockly/guides/contribute/core#making_and_verifying_a_change) ## The details ### Resolves This fixes the ongoing CI failure for the conventional auto-labeling. ### Proposed Changes This fixes the permissions in a way that should work. It may be the case that 'issues' only needs to be 'read' but I'm basically just copying what's done in https://github.com/GoogleCloudPlatform/developer-journey-app/blob/main/.github/workflows/auto-label.yml since it's working for them. ### Reason for Changes We want this workflow working--it's preferable to avoid getting used to a failing CI workflow (ideally every PR has zero CI failures). As for the specific changes, note that the check will still fail in this PR. Similar to #8811, it's not expected that the CI workflow will pass in this PR until the change is checked in since the workflow uses 'pull_request_target'. While I haven't verified this change directly, I'm fairly confident it will work given the project linked above and our successes with fixing the auto assigner workflow. Finally, the 'contents: read' bit is unnecessary since that's the default permission for `GITHUB_TOKEN` per https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token. Edit: It seems that the check actually is passing with these changes--that's a bit surprising to me. ### Test Coverage N/A ### Documentation N/A ### Additional Information None. --- .github/workflows/conventional-label.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/conventional-label.yml b/.github/workflows/conventional-label.yml index 57eaaa698..42dcf2664 100644 --- a/.github/workflows/conventional-label.yml +++ b/.github/workflows/conventional-label.yml @@ -8,7 +8,7 @@ jobs: label: runs-on: ubuntu-latest permissions: - contents: read + issues: write pull-requests: write steps: - uses: bcoe/conventional-release-labels@v1