freedak/invisible_playwright
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

ci: verify-assets needs contents:write to read draft releases

Browse Source 
gh release download 404s ("release not found") on a draft tag when the token
is contents:read — GitHub only shows drafts to tokens with push access. The
workflow still only reads assets; the scope bump is purely for draft visibility.
This commit is contained in:
feder-cr
2026-06-09 12:29:35 +02:00
parent 86a04d2d34
commit 7260f461bb
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/verify-assets.yml
+5 -1
View File
@@ -23,7 +23,11 @@ on:
required: true required: true
permissions: permissions:
contents: read # write (not read) is required: GitHub only exposes DRAFT releases to tokens
# with push access. With contents:read, `gh release download` on a draft tag
# 404s ("release not found"). This workflow only READS assets — the elevated
# scope is solely to make draft releases visible to GITHUB_TOKEN.
contents: write
jobs: jobs:
drive: drive: