From 7abc3ee4062ec28eeb6b1b2979a7811797401a0c Mon Sep 17 00:00:00 2001 From: Jeremy Eder Date: Sat, 7 Feb 2026 03:55:33 -0500 Subject: [PATCH] fix(ci): add workflows:write permission to amber-issue-handler The amber-handler job fails at the "Push branch to remote" step when Amber creates or modifies files under .github/workflows/. GitHub requires the explicit `workflows` permission for any token that touches workflow files, even if `contents: write` is already granted. Ref: https://github.com/ambient-code/platform/actions/runs/21777412886/job/62836130769 Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/amber-issue-handler.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/amber-issue-handler.yml b/.github/workflows/amber-issue-handler.yml index 82906f0df..20c6b37a1 100644 --- a/.github/workflows/amber-issue-handler.yml +++ b/.github/workflows/amber-issue-handler.yml @@ -29,7 +29,8 @@ permissions: contents: write issues: write pull-requests: write - id-token: write # Required for OIDC token (Bedrock/Vertex/Foundry/OAuth) + id-token: write # Required for OIDC token (Bedrock/Vertex/Foundry/OAuth) + workflows: write # Required to create/update GitHub Actions workflow files jobs: amber-handler:
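Review bot: The added `workflows: write` entry in the top-level `permissions:` block should be checked against the keys that block accepts before merging. GitHub's documented `GITHUB_TOKEN` permission keys do not include `workflows`, so this line may fail workflow validation instead of fixing the "Push branch to remote" step. Pushes that touch .github/workflows/ are normally made with a GitHub App token or a PAT that carries the workflow permission, so consider supplying such a credential to that one step. Whichever credential is used, the grant sits beside `contents: write` and `id-token: write` at workflow level, above `jobs:`, so it applies to every job in a handler that, by its name, acts on issues. Scope the grant to the `amber-handler` job and require review of the workflow files it pushes, for example with a CODEOWNERS entry on .github/workflows/.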