From 5ba1fcd33695dc57cc0cded20cfbebc88befd227 Mon Sep 17 00:00:00 2001 From: Daniel Agoston <5380799+Deniel9204@users.noreply.github.com> Date: Fri, 26 Jun 2026 21:31:50 +0200 Subject: [PATCH] ci: grant release.yml contents:write so it can upload release assets The v0.1.0 release built every platform successfully but every job failed at the "Upload to release" step with "Resource not accessible by integration": the workflow declared no permissions, so its GITHUB_TOKEN was read-only and actions/upload-release-asset couldn't attach assets. Add the workflow-level `permissions: contents: write` (same as benchmark.yml already uses). The dry runs missed this because they upload via actions/upload-artifact (no write needed), not the release-asset path. --- .github/workflows/release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 81c0df55..2e9d7b4a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,6 +6,12 @@ on: - created workflow_dispatch: +# Needed so the per-job "Upload to release" steps (actions/upload-release-asset) +# can attach assets — without this the GITHUB_TOKEN is read-only and uploads +# fail with "Resource not accessible by integration". +permissions: + contents: write + env: PROJECT_PATH: commet # Harden the native Rust build against transient crates.io fetch failures