ci: verify-assets needs contents:write to read draft releases

gh release download 404s ("release not found") on a draft tag when the token
is contents:read — GitHub only shows drafts to tokens with push access. The
workflow still only reads assets; the scope bump is purely for draft visibility.
feder-cr 2026-06-09 12:29:35 +02:00
parent 86a04d2d34
commit 7260f461bb

@ -23,7 +23,11 @@ on:
required: true
permissions:
contents: read
# write (not read) is required: GitHub only exposes DRAFT releases to tokens
# with push access. With contents:read, `gh release download` on a draft tag
# 404s ("release not found"). This workflow only READS assets — the elevated
# scope is solely to make draft releases visible to GITHUB_TOKEN.
contents: write
jobs:
drive:
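Review bot: `contents: write` sits in the top-level `permissions:` block, so it applies to every job in the workflow rather than only to the step that runs `gh release download`; every step in `drive`, and any job added later, receives a GITHUB_TOKEN that can push commits and modify releases. Consider leaving `contents: read` at workflow level and declaring `contents: write` in a `permissions:` block on the one job that downloads the draft assets, moving the explanatory comment there with it. The comment's "only READS assets" is a convention the token scope no longer enforces, so that job should stay free of steps that execute downloaded release content or interpolate workflow inputs into shell commands.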