Skip to content

Fix permission issue for auto-update workflows#2150

Merged
jaronoff97 merged 1 commit into
open-telemetry:mainfrom
MrAlias:fix-2149
Apr 16, 2026
Merged

Fix permission issue for auto-update workflows#2150
jaronoff97 merged 1 commit into
open-telemetry:mainfrom
MrAlias:fix-2149

Conversation

@MrAlias
Copy link
Copy Markdown
Contributor

@MrAlias MrAlias commented Apr 13, 2026
edited
Loading

Fix #2149

The auto-update workflows are currently failing:

The failure in both linked runs is a reusable-workflow permission mismatch. The caller workflows only allowed contents: read, while the called workflow’s update job requests contents: write and pull-requests: write so it can push a branch and open/edit a PR.

I fixed that by granting the required scopes on the calling job in .github/workflows/update-obi-chart.yaml and .github/workflows/update-target-allocator-chart.yaml. I kept the write grant scoped to the update job that invokes the reusable workflow instead of broadening workflow-wide defaults.

Verification

Note: Both action tests no longer fail on the permission issues, each run gets past startup_failure. Instead, they fail on not having access to the OTel bot token, which is expected.

@MrAlias MrAlias marked this pull request as ready for review April 13, 2026 17:51
@MrAlias MrAlias requested a review from a team as a code owner April 13, 2026 17:51
Copilot AI review requested due to automatic review settings April 13, 2026 17:51
Copilot AI reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes auto-update workflow failures caused by a reusable workflow permission mismatch by granting the required write scopes to the specific calling jobs that invoke the reusable workflow.

Changes:

  • Add job-scoped contents: write and pull-requests: write permissions to the update job in the Target Allocator auto-update workflow.
  • Add job-scoped contents: write and pull-requests: write permissions to the update job in the OBI auto-update workflow.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/update-target-allocator-chart.yaml Grants the calling update job the write permissions required by the called reusable workflow.
.github/workflows/update-obi-chart.yaml Grants the calling update job the write permissions required by the called reusable workflow.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jaronoff97 jaronoff97 merged commit 79a9321 into open-telemetry:main Apr 16, 2026
6 of 7 checks passed
@MrAlias MrAlias deleted the fix-2149 branch April 16, 2026 22:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jaronoff97 jaronoff97 jaronoff97 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[bug] new Image update workflow is failing

3 participants

@MrAlias @jaronoff97