RCA done by copilot inside the github actions
Root cause: the workflow is passing the default token to a third‑party action that calls PR/diff APIs, and in this run that token doesn’t have the required permission scope for that request.
From the failing job log:
There seems to be an error in an API request
This is usually due to using a GitHub token without the adequate scope
From the job definition (.github/workflows/check-license.yml):
It uses JJ/github-pr-contains-action
Token passed is ${{ github.token }}
Fix
Grant explicit read permissions needed for pull request metadata/content in this workflow (or job), so the token has consistent scope when the action fetches diff data.
Why this solves it
The action needs to read PR diff data. Explicitly setting pull-requests: read (and contents: read) prevents under-scoped default token behavior that triggers the API failure.
Signed-off-by: Nizamudeen A <nia@redhat.com>
name: "Check for Incompatible Licenses"
on: [pull_request]
+permissions:
+ contents: read
+ pull-requests: read
+
jobs:
pull_request:
name: "Check for Incompatible Licenses"