License-Vetting workflow on WildWebDeveloper fails due to "pull-requests: write" is nor allowed
Summary
License-Vetting workflow fails with the following error:
Invalid workflow file: .github/workflows/licensecheck.yml#L17
The workflow is not valid. .github/workflows/licensecheck.yml (Line: 17, Col: 3): Error calling workflow 'eclipse/dash-licenses/.github/workflows/mavenLicenseCheck.yml@master'. The nested job 'check-licenses' is requesting 'pull-requests: write', but is only allowed 'pull-requests: none'.It looks like the token doesn't have pull-requests: write enabled, while it's requested by https://github.com/eclipse/dash-licenses/blob/51f45991567a170692daba2759a454c9185c8d0f/.github/workflows/mavenLicenseCheck.yml#L52-L53:
permissions:
pull-requests: writeSteps to reproduce
Try running https://github.com/eclipse-wildwebdeveloper/wildwebdeveloper/actions/runs/7005481421 GH Action
What is the current bug behavior?
Running the WWD PR License check GH Action fails with "Startup failure" mentioned above
What is the expected correct behavior?
The WWD PR License check is to be successfully started
Relevant logs and/or screenshots
Invalid workflow file: .github/workflows/licensecheck.yml#L17
The workflow is not valid. .github/workflows/licensecheck.yml (Line: 17, Col: 3): Error calling workflow 'eclipse/dash-licenses/.github/workflows/mavenLicenseCheck.yml@master'. The nested job 'check-licenses' is requesting 'pull-requests: write', but is only allowed 'pull-requests: none'.Priority
-
Urgent -
High -
Medium -
Low
Severity
-
Blocker -
Major -
Normal -
Low
Impact
Automatic dependency license vetting is not possible anymore, so the dependency updates for the next release, if scheduled, will be blocked.
Edited by Victor Rubezhny