From 0ff551094c37f57ede8da7615e3b949b0648ceaf Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Thu, 14 May 2026 16:03:41 +0000 Subject: [PATCH] ci: add permissions to publish caller job and upgrade release-please-action to v5 The release-please workflow fails with startup_failure because the caller job invoking publish.yml does not declare explicit permissions. Also upgrades release-please-action from v4 to v5. Co-Authored-By: rlamb@launchdarkly.com <4955475+kinyoklion@users.noreply.github.com> --- .github/workflows/release-please.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index e24992b..451b298 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -16,7 +16,7 @@ jobs: pull-requests: write steps: - - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4 + - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 id: release with: token: ${{secrets.GITHUB_TOKEN}} @@ -26,8 +26,14 @@ jobs: needs: ['release-please'] if: ${{ needs.release-please.outputs.releases_created == 'true' }} uses: ./.github/workflows/ci.yml + publish: needs: ['release-please', 'ci'] + permissions: + id-token: write + contents: write + pull-requests: write + attestations: write if: ${{ needs.release-please.outputs.releases_created == 'true' }} uses: ./.github/workflows/publish.yml with: