Skip to content

fix: grant deployments:write to CI deploy job#6

Merged
MTG-Thomas merged 1 commit intomainfrom
copilot/diagnose-failing-builds
Apr 1, 2026
Merged

fix: grant deployments:write to CI deploy job#6
MTG-Thomas merged 1 commit intomainfrom
copilot/diagnose-failing-builds

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 1, 2026

Summary

cloudflare/pages-action@v1 calls the GitHub Deployments API (POST /repos/.../deployments) using gitHubToken. Without an explicit permissions block, GITHUB_TOKEN defaults don't include deployments: write, causing a 403 on every push to main.

Added permissions: deployments: write scoped to the deploy job:

deploy:
  name: Deploy to Cloudflare Pages
  permissions:
    deployments: write

Testing

  • Ran npm test locally — all tests pass
  • Tested manually on fieldops-delta.vercel.app (required for any HaloPSA API changes)
  • Added or updated tests for new/changed behavior

Notes

Permission is scoped to the deploy job only — no other job gets elevated access. The test job is unaffected.

@MTG-Thomas MTG-Thomas marked this pull request as ready for review April 1, 2026 20:57
@MTG-Thomas MTG-Thomas merged commit 75e3c89 into main Apr 1, 2026
4 checks passed
@MTG-Thomas MTG-Thomas deleted the copilot/diagnose-failing-builds branch April 1, 2026 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@MTG-Thomas MTG-Thomas

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MTG-Thomas