Skip to content

Commit e5a5209

Browse files
committed
fix(ci): grant security-events: write to release workflow
The security reusable workflow's secrets job requests security-events: write to upload the betterleaks SARIF report. When called from release.yml, GitHub intersects caller and callee permissions and uses the most restrictive; release.yml only declared contents: read, so the SARIF permission was dropped to none and the workflow failed at startup before any job ran. Add security-events: write to the release.yml workflow-level permissions block so the reusable security workflow can run end to end on tag pushes.
1 parent 29b9644 commit e5a5209

1 file changed

Lines changed: 1 addition & 0 deletions

File tree

.github/workflows/release.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ on:
77

88
permissions:
99
contents: read
10+
security-events: write
1011

1112
jobs:
1213
security:

0 commit comments

Comments
 (0)