From b8216a9b4da2f20af5c8287d84dfc552922805c2 Mon Sep 17 00:00:00 2001
From: zeme
Date: Thu, 21 May 2026 10:52:54 +0200
Subject: [PATCH 1/2] Grant explicit permissions to bump-plutus-version workflow

The workflow uses peter-evans/create-pull-request and peter-evans/enable-pull-request-automerge, which require contents:write (to push the bump branch) and pull-requests:write (to open the PR and toggle auto-merge). Declaring the permissions explicitly at the workflow level makes the requirement self-evident and survives any future tightening of the repository default GITHUB_TOKEN scopes. The build-devcontainer workflow is left untouched since it only checks out and runs docker -- it needs no write access.
---
 .github/workflows/bump-plutus-version.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/bump-plutus-version.yml b/.github/workflows/bump-plutus-version.yml
index b5eced7..a44f56c 100644
--- a/.github/workflows/bump-plutus-version.yml
+++ b/.github/workflows/bump-plutus-version.yml
@@ -7,6 +7,10 @@ on:
 description: plutus Release Version (e.g. 1.26.0.0)
 required: true
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 bump-plutus-version:
 name: Bump Plutus Version

From b1d514c0d29ce312cb085b1280a1b08eb32bc11f Mon Sep 17 00:00:00 2001
From: zeme
Date: Thu, 21 May 2026 10:55:03 +0200
Subject: [PATCH 2/2] wip
---
 .github/workflows/build-devcontainer.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/build-devcontainer.yml b/.github/workflows/build-devcontainer.yml
index 96193af..d10fc8b 100644
--- a/.github/workflows/build-devcontainer.yml
+++ b/.github/workflows/build-devcontainer.yml
@@ -4,6 +4,10 @@ on:
 workflow_dispatch:
 pull_request:
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 build-devcontainer:
 name: Build DevContainer
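Review bot: The `contents: write` and `pull-requests: write` grant in `.github/workflows/bump-plutus-version.yml` sits at workflow level, so every job in the file inherits it, including any job added later. Only the `bump-plutus-version` job is described as needing these scopes, so consider moving the block under that job and setting the workflow default to `permissions: {}`. The `uses:` lines for the two peter-evans actions are outside this hunk; if they reference tags rather than full commit SHAs, pinning them is worth doing now that the token they receive is explicitly write-scoped. The job body continues past the end of the hunk.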
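Review bot: In `.github/workflows/build-devcontainer.yml` the added block gives `contents: write` and `pull-requests: write` to a workflow that runs on `pull_request`, while the description of patch 1/2 says this workflow only checks out and runs docker and needs no write access. A job that builds the contents of a pull request branch should hold a read-only token, so the block should be `permissions:` with the single entry `contents: read`. The subject `wip` gives no reason for the write scopes; if one exists it belongs in the commit message, otherwise this patch is better dropped from the series. The job definition continues outside the hunk.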