Skip to content

ci: grant contents write permission for SBOM release attachments #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

ci: grant contents write permission for SBOM release attachments #7

Copilot wants to merge 2 commits into from

Conversation

Copy link

Copilot AI commented Oct 31, 2025
edited
Loading

The Docker build workflow fails with "Resource not accessible by integration" when attaching SBOMs to releases because the build job has contents: read permission.

Changes

  • Changed build job's permissions.contents from read to write in .github/workflows/docker-build.yml
build:
  runs-on: ubuntu-latest
  permissions:
-   contents: read
+   contents: write
    packages: write
    id-token: write

This allows the workflow to attach SBOM artifacts to GitHub releases when tags are pushed.

Original prompt

Update the workflow file .github/workflows/docker-build.yml in repository bakerboy448/RedditModLog to fix the failing job that errors with 'Resource not accessible by integration' when attaching SBOMs to a release. The build job currently has permissions.contents: read which prevents the workflow from attaching files to releases. Change the build job's permissions.contents from 'read' to 'write' and make no other changes. Create a new branch named fix/sbom-permissions, commit the change with message 'ci: grant contents write permission so SBOMs can be attached to releases', and open a pull request against the main branch with the given title. Ensure the PR only modifies .github/workflows/docker-build.yml and explain in the PR description why the change is needed and how to verify it fixes the issue.

This pull request was created as a result of the following prompt from Copilot chat.

Update the workflow file .github/workflows/docker-build.yml in repository bakerboy448/RedditModLog to fix the failing job that errors with 'Resource not accessible by integration' when attaching SBOMs to a release. The build job currently has permissions.contents: read which prevents the workflow from attaching files to releases. Change the build job's permissions.contents from 'read' to 'write' and make no other changes. Create a new branch named fix/sbom-permissions, commit the change with message 'ci: grant contents write permission so SBOMs can be attached to releases', and open a pull request against the main branch with the given title. Ensure the PR only modifies .github/workflows/docker-build.yml and explain in the PR description why the change is needed and how to verify it fixes the issue.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@bakerboy448
ci: grant contents write permission so SBOMs can be attached to releases
0de67b9 
Co-authored-by: bakerboy448 <55419169+bakerboy448@users.noreply.github.com>
Copilot AI changed the title [WIP] Update permissions to attach SBOMs in releases ci: grant contents write permission for SBOM release attachments Oct 31, 2025
Copilot AI requested a review from bakerboy448 October 31, 2025 02:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bakerboy448 bakerboy448 Awaiting requested review from bakerboy448

Assignees

@bakerboy448 bakerboy448

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bakerboy448