From: Nizamudeen A Date: Fri, 10 Jul 2026 05:42:58 +0000 (+0530) Subject: .github: fix check-license permission issue X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=31f32da51ada25d47d28dfec1baf624e39890285;p=ceph.git .github: fix check-license permission issue RCA done by copilot inside the github actions Root cause: the workflow is passing the default token to a third‑party action that calls PR/diff APIs, and in this run that token doesn’t have the required permission scope for that request. From the failing job log: There seems to be an error in an API request This is usually due to using a GitHub token without the adequate scope From the job definition (.github/workflows/check-license.yml): It uses JJ/github-pr-contains-action Token passed is ${{ github.token }} Fix Grant explicit read permissions needed for pull request metadata/content in this workflow (or job), so the token has consistent scope when the action fetches diff data. Why this solves it The action needs to read PR diff data. Explicitly setting pull-requests: read (and contents: read) prevents under-scoped default token behavior that triggers the API failure. Signed-off-by: Nizamudeen A --- diff --git a/.github/workflows/check-license.yml b/.github/workflows/check-license.yml index 89dcfa292c3..9dc48b6aa30 100644 --- a/.github/workflows/check-license.yml +++ b/.github/workflows/check-license.yml @@ -2,6 +2,10 @@ name: "Check for Incompatible Licenses" on: [pull_request] +permissions: + contents: read + pull-requests: read + jobs: pull_request: name: "Check for Incompatible Licenses"