Skip to content

fix: grant pull-requests:write permission to reusable CI workflow changelog.yml (currently broken)#138

Merged
zerosnacks merged 1 commit intomainfrom
fix-changelog-ci-permissions
Mar 19, 2026
Merged

fix: grant pull-requests:write permission to reusable CI workflow changelog.yml (currently broken)#138
zerosnacks merged 1 commit intomainfrom
fix-changelog-ci-permissions

Conversation

@zerosnacks
Copy link
Copy Markdown
Contributor

@zerosnacks zerosnacks commented Mar 19, 2026
edited
Loading

Fixes the invalid workflow error in https://github.com/tempoxyz/mpp-rs/actions/workflows/changelog.yml

The nested job 'lint' is requesting 'pull-requests: write', but is only allowed 'pull-requests: none'.

The changelog.yml workflow calls ci.yml via workflow_call, but the lint job in ci.yml requests pull-requests: write (needed by tempoxyz/lints to post comments). Without explicit permissions on the caller's job, the reusable workflow inherits none for undeclared permissions.

Security: Safe — the trigger is pull_request (not pull_request_target), so fork PRs get a read-only GITHUB_TOKEN regardless. Same-repo PRs come from trusted collaborators.

@zerosnacks @ampcode-com
fix: grant pull-requests:write permission to reusable CI workflow
8823d1c 
The changelog workflow calls ci.yml via workflow_call, but the nested
lint job requests pull-requests:write (for posting lint comments).
Without explicit permissions on the caller job, it defaults to none.

Amp-Thread-ID: https://ampcode.com/threads/T-019d06ee-d3d0-7154-a409-52566ccb4a22
Co-authored-by: Amp <amp@ampcode.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 19, 2026
edited
Loading

Tempo Lint Results

Summary

Found 687 issue(s) across 41 file(s)

Severity Count
Errors 0
Warnings 687
Hints 0

Issues by Rule Type

no-unwrap-in-lib (673 occurrences)
  • /home/runner/work/mpp-rs/mpp-rs/src/body_digest.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/mcp.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/mcp.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.

... and 663 more

no-leading-whitespace-strings (10 occurrences)
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' for '
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' ({})'
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' is invalid.'
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' is invalid: already used.'
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' (Premium access).'
  • /home/runner/work/mpp-rs/mpp-rs/src/protocol/core/types.rs:1 - String literals should not start with leading whitespace. Found: ' and backslashes '
  • /home/runner/work/mpp-rs/mpp-rs/src/proxy/service.rs:1 - String literals should not start with leading whitespace. Found: ' — '
  • /home/runner/work/mpp-rs/mpp-rs/src/protocol/core/headers.rs:1 - String literals should not start with leading whitespace. Found: ' now'
  • /home/runner/work/mpp-rs/mpp-rs/src/protocol/core/headers.rs:1 - String literals should not start with leading whitespace. Found: ' now'
  • /home/runner/work/mpp-rs/mpp-rs/src/protocol/core/headers.rs:1 - String literals should not start with leading whitespace. Found: ' now'
unsafe-needs-safety-comment (4 occurrences)
  • /home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs:1 - Unsafe block requires a SAFETY comment explaining why this is safe.
  • /home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs:1 - Unsafe block requires a SAFETY comment explaining why this is safe.
  • /home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs:1 - Unsafe block requires a SAFETY comment explaining why this is safe.
  • /home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs:1 - Unsafe block requires a SAFETY comment explaining why this is safe.

Issues by File

View grouped by file

/home/runner/work/mpp-rs/mpp-rs/src/protocol/core/challenge.rs (85 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 80 more

/home/runner/work/mpp-rs/mpp-rs/src/client/tempo/session/mod.rs (58 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 53 more

/home/runner/work/mpp-rs/mpp-rs/src/client/tempo/signing/mod.rs (54 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 49 more

/home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs (47 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 42 more

/home/runner/work/mpp-rs/mpp-rs/src/protocol/methods/tempo/session_method.rs (39 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 34 more

/home/runner/work/mpp-rs/mpp-rs/src/client/tempo/session/channel_ops.rs (38 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 33 more

/home/runner/work/mpp-rs/mpp-rs/src/protocol/methods/tempo/method.rs (35 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 30 more

/home/runner/work/mpp-rs/mpp-rs/src/protocol/core/headers.rs (32 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 27 more

/home/runner/work/mpp-rs/mpp-rs/src/client/tempo/charge/tx_builder.rs (30 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 25 more

/home/runner/work/mpp-rs/mpp-rs/src/server/middleware.rs (27 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 22 more

Showing 10 of 41 files

Posted by https://github.com/tempoxyz/lints

@zerosnacks zerosnacks changed the title fix: grant pull-requests:write permission to reusable CI workflow fix: grant pull-requests:write permission to reusable CI workflow changelog.yml (currently broken) Mar 19, 2026
@zerosnacks zerosnacks merged commit 102bef4 into main Mar 19, 2026
8 checks passed
@github-actions github-actions bot mentioned this pull request Mar 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendanjryan brendanjryan brendanjryan approved these changes

@mattsse mattsse Awaiting requested review from mattsse mattsse is a code owner

@onbjerg onbjerg Awaiting requested review from onbjerg onbjerg is a code owner

@Slokh Slokh Awaiting requested review from Slokh Slokh is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zerosnacks @brendanjryan