Skip to content

Add copilot-requests: write to all .github/workflows#362

Merged
pelikhan merged 4 commits into
mainfrom
copilot/update-aws-permissions
Jun 26, 2026
Merged

Add copilot-requests: write to all .github/workflows#362
pelikhan merged 4 commits into
mainfrom
copilot/update-aws-permissions

Conversation

Copilot AI commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

All 5 agentic workflows in .github/workflows lacked the copilot-requests: write permission required by the Copilot API.

Changes

  • Source .md files — replaced permissions: read-all (string shorthand) with the explicit object form that preserves full read access and adds the write permission: 
    permissions:
  all: read
  copilot-requests: write
  • Lock files — recompiled all 5 .lock.yml files; copilot-requests: write now appears in the relevant compiled jobs

Affected workflows: daily-repo-goals, daily-workflow-sync, import-workflow, link-checker, maintainer.

Copilot AI and others added 2 commits June 26, 2026 05:33
@pelikhan
Update .github/workflows to add copilot-requests: write permission
fe95ff7 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Add copilot-requests: write permission to all .github/workflows and r…
307c408 
…ecompile lock files

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title Add copilot-requests: write permission to .github/workflows Add copilot-requests: write to all .github/workflows Jun 26, 2026
Copilot AI requested a review from pelikhan June 26, 2026 05:34
@pelikhan

pelikhan commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

@copilot replace permissions.all.read with minimal permissions. use gh-aw compile to ensure there are enough.

@pelikhan
Use minimal permissions instead of all:read in .github/workflows
4b4bbf2 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jun 26, 2026

Copy link
Copy Markdown
Contributor Author

@copilot replace permissions.all.read with minimal permissions. use gh-aw compile to ensure there are enough.

Done. Replaced all: read with minimal per-workflow permissions, verified with gh aw compile --validate (0 errors, 0 warnings):

  • daily-repo-goals / import-workflow (toolsets: [all]): contents, issues, pull-requests, actions, discussions, security-events read
  • maintainer (toolsets: [repos, issues, pull_requests]): contents, issues, pull-requests read
  • link-checker (toolsets: [default]): contents, issues, pull-requests read
  • daily-workflow-sync (specific tool allowlist): contents, issues, pull-requests read

All workflows retain copilot-requests: write.

@pelikhan pelikhan marked this pull request as ready for review June 26, 2026 05:45
@pelikhan pelikhan merged commit cbf4f2d into main Jun 26, 2026
@pelikhan pelikhan deleted the copilot/update-aws-permissions branch June 26, 2026 05:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan