From 4019ef1a9bdbdd3cf6f741e0fb23be6f271697f8 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 25 Mar 2026 20:04:21 +0000 Subject: [PATCH 1/2] chore: add explicit permissions to release-please workflow --- .github/workflows/release-please.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 7401422a0..6e4f2e9b1 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -165,6 +165,7 @@ jobs: actions: read id-token: write contents: write + pull-requests: write uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 with: base64-subjects: "${{ needs.release-client.outputs[format('hashes-{0}', matrix.os)] }}" From 16f70bbd5276e407adcbd38283a1aaebdf905fed Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 25 Mar 2026 20:07:41 +0000 Subject: [PATCH 2/2] fix: add permissions to release-please job, not provenance job Co-Authored-By: rlamb@launchdarkly.com --- .github/workflows/release-please.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 6e4f2e9b1..f6af1d0bb 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -7,6 +7,9 @@ name: release-please jobs: release-please: runs-on: ubuntu-22.04 + permissions: + contents: write + pull-requests: write outputs: package-client-released: ${{ steps.release.outputs['libs/client-sdk--release_created'] }} package-client-tag: ${{ steps.release.outputs['libs/client-sdk--tag_name'] }} @@ -165,7 +168,6 @@ jobs: actions: read id-token: write contents: write - pull-requests: write uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 with: base64-subjects: "${{ needs.release-client.outputs[format('hashes-{0}', matrix.os)] }}"