From 1a71318f5ba9d184da3e5d421ff300244d89e9c5 Mon Sep 17 00:00:00 2001 From: Fritz Date: Wed, 1 Jul 2026 08:08:29 -0500 Subject: [PATCH] fix(ci): grant contents:write to build-native reusable workflow call release.yml calls build-native.yml via `uses:` without a permissions block. Its nested commit-binaries job statically declares `permissions: contents: write`, and GitHub validates every declared job's permissions in a called workflow at parse time -- regardless of runtime `if:` conditions -- rejecting the whole run before scheduling any jobs if the caller doesn't grant it. This has made every Release Pipeline run fail with startup_failure (0 jobs, 0 check-runs) since the repo's default Actions token permission was tightened. Co-Authored-By: claude-flow --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3eb557db60..1e743eba1d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -206,6 +206,8 @@ jobs: needs: validate if: always() && (needs.validate.result == 'success' || needs.validate.result == 'skipped') uses: ./.github/workflows/build-native.yml + permissions: + contents: write with: skip_commit: true