Title: vulnerability-alerts: read incorrectly emitted as job-level workflow permission in compiled lock file (v0.63.0)
Summary
After upgrading to v0.63.0, workflows using the dependabot toolset with GitHub App auth fail to queue with:
```
Failed to queue workflow run: Invalid Argument - failed to parse workflow:
(Line: 259, Col: 7): Unexpected value 'vulnerability-alerts'
```
Background
PR #22144 (which resolved issue #17978) correctly added vulnerability-alerts to the dependabot toolset's required permissions and extended the frontmatter schema to accept vulnerability-alerts: read. The fix works correctly for the actions/create-github-app-token step — permission-vulnerability-alerts: read is properly emitted there.
Bug
When vulnerability-alerts: read is declared in the workflow frontmatter permissions: block, the compiler copies it verbatim into the generated job-level permissions: block in the .lock.yml file:
```yaml
# Generated in agent job — INVALID, GitHub Actions rejects this
permissions:
  contents: read
  pull-requests: read
  security-events: read
  vulnerability-alerts: read  # <- causes parse error
```
vulnerability-alerts is a GitHub App-only permission — it is not a valid GitHub Actions workflow permission key. GitHub Actions rejects it at queue time.
The token-minting step is correctly generated:
```yaml
# This part is correct
- name: Generate GitHub App token
  uses: actions/create-github-app-token@...
  with:
    permission-vulnerability-alerts: read
```
Expected Behaviour
vulnerability-alerts: read should only appear in the create-github-app-token step inputs (permission-vulnerability-alerts: read). It should not be propagated to the job-level permissions: block in the compiled lock file.
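As an added illustration of that split, written here in Go and not gh-aw's own code: a hypothetical splitPermissions routine that partitions frontmatter permissions into the job-level block and the token step's permission-&lt;key&gt; inputs, treating vulnerability-alerts as app-only so it never reaches the workflow job (the appOnlyPermissions table and renderYAML helper are assumptions of this example).

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Permission keys a GitHub App token may carry that are not valid keys in a
// GitHub Actions job-level `permissions:` block. Hypothetical table for this
// example; only vulnerability-alerts comes from the report above.
var appOnlyPermissions = map[string]bool{"vulnerability-alerts": true}

// splitPermissions partitions frontmatter permissions into the job-level block
// and the `permission-<key>` inputs of the create-github-app-token step.
func splitPermissions(frontmatter map[string]string) (jobPerms, tokenInputs map[string]string) {
	jobPerms = map[string]string{}
	tokenInputs = map[string]string{}
	for key, access := range frontmatter {
		tokenInputs["permission-"+key] = access // always requested on the app token
		if appOnlyPermissions[key] {
			continue // app-only: must never reach the workflow job
		}
		jobPerms[key] = access
	}
	return jobPerms, tokenInputs
}

// renderYAML emits `name:` followed by the mapping's keys in sorted order.
func renderYAML(name string, m map[string]string, indent string) string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var b strings.Builder
	fmt.Fprintf(&b, "%s%s:\n", indent, name)
	for _, k := range keys {
		fmt.Fprintf(&b, "%s  %s: %s\n", indent, k, m[k])
	}
	return b.String()
}

func main() {
	// Constructed frontmatter mirroring the report's agent job.
	fm := map[string]string{"contents": "read", "pull-requests": "read",
		"security-events": "read", "vulnerability-alerts": "read"}
	job, tok := splitPermissions(fm)
	fmt.Print(renderYAML("permissions", job, ""), renderYAML("with", tok, "    "))
}
```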
Workaround
Compile normally (keeping vulnerability-alerts: read in the frontmatter so the token step gets the right value), then manually remove it from the job-level permissions: block in the generated .lock.yml. This patch must be reapplied after every gh aw compile.
Steps to Reproduce
- Use gh-aw v0.63.0
- Create a workflow with the dependabot toolset + GitHub App auth and declare:
  ```yaml
  permissions:
    vulnerability-alerts: read
  ```
- Run gh aw compile
- Observe that vulnerability-alerts: read appears in the compiled job permissions: block
- Push and attempt to trigger — GitHub Actions rejects with the parse error above
References
- vulnerability-alerts GitHub App permission for dependabot toolset #22144