From 6a4e5426e0ea9bb8985ad2455a2e3f8607c6d570 Mon Sep 17 00:00:00 2001
From: Jairo Panduro <jairo.panduro@bigcommerce.com>
Date: Wed, 1 Apr 2026 11:20:08 +0200
Subject: [PATCH] ci: expand OIDC permissions with issues and pull-requests
 write access

Add issues:write and pull-requests:write permissions needed by
@semantic-release/github to comment on released issues and PRs.
Add inline comments to clarify the purpose of each permission.

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/release.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e676e40..cbfa0c6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,8 +7,10 @@ jobs:
     build:
         runs-on: ubuntu-latest
         permissions:
-            contents: write
-            id-token: write
+            contents: write # to be able to publish a GitHub release
+            issues: write # to be able to comment on released issues
+            pull-requests: write # to be able to comment on released pull requests
+            id-token: write # to enable use of OIDC for trusted publishing and npm provenance
         steps:
             - uses: actions/checkout@v4
             - uses: actions/setup-node@v6