From 31f32da51ada25d47d28dfec1baf624e39890285 Mon Sep 17 00:00:00 2001 From: Nizamudeen A Date: Fri, 10 Jul 2026 11:12:58 +0530 Subject: [PATCH] .github: fix check-license permission issue MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit RCA done by copilot inside the github actions Root cause: the workflow is passing the default token to a third‑party action that calls PR/diff APIs, and in this run that token doesn’t have the required permission scope for that request. From the failing job log: There seems to be an error in an API request This is usually due to using a GitHub token without the adequate scope From the job definition (.github/workflows/check-license.yml): It uses JJ/github-pr-contains-action Token passed is ${{ github.token }} Fix Grant explicit read permissions needed for pull request metadata/content in this workflow (or job), so the token has consistent scope when the action fetches diff data. Why this solves it The action needs to read PR diff data. Explicitly setting pull-requests: read (and contents: read) prevents under-scoped default token behavior that triggers the API failure. Signed-off-by: Nizamudeen A --- .github/workflows/check-license.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/check-license.yml b/.github/workflows/check-license.yml index 89dcfa292c3..9dc48b6aa30 100644 --- a/.github/workflows/check-license.yml +++ b/.github/workflows/check-license.yml @@ -2,6 +2,10 @@ name: "Check for Incompatible Licenses" on: [pull_request] +permissions: + contents: read + pull-requests: read + jobs: pull_request: name: "Check for Incompatible Licenses" -- 2.47.3