ci: fix package acceptance permissions

2026-05-06 07:50:43 +00:00 · 2026-04-27 04:27:42 +01:00
parent 2c092a0eff
commit 6a05b9eec5
2 changed files with 2 additions and 0 deletions
--- a/.github/workflows/package-acceptance.yml
+++ b/.github/workflows/package-acceptance.yml
@@ -73,6 +73,7 @@ permissions:
  actions: read
  contents: read
  packages: write
+  pull-requests: read

 concurrency:
  group: package-acceptance-${{ github.run_id }}
--- a/test/scripts/package-acceptance-workflow.test.ts
+++ b/test/scripts/package-acceptance-workflow.test.ts
@@ -19,6 +19,7 @@ describe("package acceptance workflow", () => {
    expect(workflow).toContain("scripts/resolve-openclaw-package-candidate.mjs");
    expect(workflow).toContain('gh run download "$ARTIFACT_RUN_ID"');
    expect(workflow).toContain("name: ${{ env.PACKAGE_ARTIFACT_NAME }}");
+    expect(workflow).toContain("pull-requests: read");
    expect(workflow).toContain(
      "uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml",
    );