Problem
When a workflow uses a GitHub App for safe-output authentication (safe-outputs.github-app:) and create-pull-request.allowed-files includes .github/workflows/*.lock.yml, the compiler does not auto-infer permission-workflows: write on the minted GitHub App token. The PR creation safe-output job then fails because pushing to .github/workflows/ requires the workflows permission, which GitHub Actions enforces as built-in branch protection.
Current Workaround
After every gh aw compile, we run a fragile sed injection to manually add permission-workflows: write to the compiled .lock.yml:
sed -i 's/permission-pull-requests: write/permission-pull-requests: write\n permission-workflows: write/' \
.github/workflows/daily-workflow-maintenance.lock.yml
This is fragile: it relies on permission-pull-requests: write being present at a specific position in the compiled output. Any compiler change to output ordering or whitespace breaks it.
Expected Behavior
The compiler should auto-infer workflows: write on the GitHub App token when allowed-files (or protected-files: allowed) includes patterns matching .github/workflows/**.
Alternatively, support an explicit permissions: field within safe-outputs.github-app: so users can declare additional GitHub App token permissions:
Context
workflows: write auto-inference remains)
The auth docs state tokens are "minted with permissions specific to the safe output operations being performed" and list workflows under "GitHub App-Only Permissions", yet the compiler does not include it when the allowed-files pattern would require it.
The permissions docs list workflows as a GitHub App-only permission, confirming it cannot be granted via GITHUB_TOKEN.
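As an added example (not code from gh aw or this issue's author), the two pieces the report asks for, written as a post-compile script: the inference that an allowed-files pattern reaches .github/workflows/ (handling `**` across directories), and an injection of permission-workflows: write that reuses the indentation of the permission-pull-requests: write line and is idempotent, so it does not depend on compiler output ordering or whitespace the way the sed one-liner does. The lock-file step layout in the sample is an assumption.

```python
import re
from fnmatch import fnmatchcase

WORKFLOWS_DIR = (".github", "workflows")

# Constructed fragment of a compiled .lock.yml; the step layout is an assumption.
SAMPLE_LOCK_YML = """\
      - name: Create pull request (assumed step name)
        with:
          permission-contents: write
          permission-pull-requests: write
"""

def pattern_reaches_workflows(pattern: str) -> bool:
    """True if the glob could match a file under .github/workflows/ ('**' spans directories)."""
    parts = pattern.strip("/").split("/")

    def walk(pi: int, di: int) -> bool:
        if di == len(WORKFLOWS_DIR):        # both directory segments covered,
            return pi < len(parts)          # and a file segment is still left
        if pi >= len(parts):
            return False
        if parts[pi] == "**":               # '**' consumes zero or more directories
            return walk(pi + 1, di) or walk(pi, di + 1)
        return fnmatchcase(WORKFLOWS_DIR[di], parts[pi]) and walk(pi + 1, di + 1)

    return walk(0, 0)

def needs_workflows_permission(allowed_files) -> bool:
    """The inference the compiler should make: some allowed pattern reaches .github/workflows/."""
    return any(pattern_reaches_workflows(p) for p in allowed_files)

PR_PERMISSION_RE = re.compile(r"^(\s*)permission-pull-requests:\s*write\s*$")

def add_workflows_permission(lock_yml: str) -> str:
    """Add 'permission-workflows: write' beside 'permission-pull-requests: write'.
    Reuses that line's indentation and is idempotent, unlike the sed one-liner."""
    lines = lock_yml.splitlines()
    out = []
    for line in lines:
        out.append(line)
        m = PR_PERMISSION_RE.match(line)
        if m:
            extra = f"{m.group(1)}permission-workflows: write"
            if extra not in lines:          # already present: leave the file alone
                out.append(extra)
    text = "\n".join(out)
    return text + "\n" if lock_yml.endswith("\n") else text
```

Run it after gh aw compile with the workflow's allowed-files list; only when needs_workflows_permission() is true should the lock file be rewritten with add_workflows_permission().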