fix: check-suite-success trigger uses token without actions permission#310
Merged
zbigniewsobiecki merged 1 commit intodevfrom Feb 16, 2026
Merged
Conversation
…igger The check-suite-success trigger calls getCheckSuiteStatus() which hits the Actions API (workflow runs endpoint). The default project GITHUB_TOKEN is a fine-grained PAT that lacks the actions permission, causing a 403. Use the review agent's credential override (classic PAT with repo scope) for this call, since the trigger already resolves it for the review identity check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
check-suite-successtrigger callsgetCheckSuiteStatus()which uses the Actions API (/actions/runs), but the default projectGITHUB_TOKENis a fine-grained PAT withoutactionspermission → 403reposcope) for the review identity check — now also uses it for the actions API call viawithGitHubTokenTest plan
npm run typecheckpassesnpm test— all 1301 tests pass🤖 Generated with Claude Code