Description
Two related bugs that compound each other, resulting in the code review action running successfully but silently posting no output anywhere.
Bug 1: Generated workflow template has wrong permissions
The workflow template generated by the /install-github-app command sets pull-requests: read:
permissions:
  contents: read
  pull-requests: read
  issues: read
  id-token: write
Posting review comments requires pull-requests: write. The template should include write permission since that is the entire purpose of the code review workflow.
Bug 2: Action silently swallows the permission error
When the action attempts to post a review comment and receives a 403 from the GitHub API due to insufficient permissions, it exits 0. The job reports success with no indication that the review was never written anywhere.
Expected behaviour
- The generated template should include pull-requests: write
- The action should fail the step (non-zero exit) when it receives a permission error trying to write a review, so the misconfiguration is surfaced immediately
Impact
Without either fix, there is no feedback loop: the template is wrong, the action doesn't complain, the job shows green, and reviews silently go nowhere.
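One way the expected behaviour for Bug 2 could look, as an added example that is not the action's own code: the step posts the review through the GitHub REST API and returns a non-zero exit code whenever the write is rejected, with a hint pointing at the permissions block on a 403. The names `postReview`, `runStep`, `ReviewPostError` and the injectable `fetchImpl` are hypothetical.

```javascript
// Added example, not the action's real implementation.
const API = "https://api.github.com";

class ReviewPostError extends Error {
  constructor(status, detail) {
    super(`posting review failed: HTTP ${status} ${detail}`);
    this.status = status;
  }
}

// POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews; throws on any non-2xx.
async function postReview({ owner, repo, pull, body, token }, fetchImpl = fetch) {
  const url = `${API}/repos/${owner}/${repo}/pulls/${pull}/reviews`;
  const res = await fetchImpl(url, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${token}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ body, event: "COMMENT" }),
  });
  if (!res.ok) {
    const detail = await res.text().catch(() => "");
    throw new ReviewPostError(res.status, detail);
  }
  return res.json();
}

// Returns the exit code for the step: 0 only if the review was actually written.
async function runStep(args, fetchImpl = fetch, log = console.log) {
  try {
    const review = await postReview(args, fetchImpl);
    return { exitCode: 0, reviewId: review.id };
  } catch (err) {
    const hint = err.status === 403
      ? " (token cannot write reviews; the workflow needs `pull-requests: write`)"
      : "";
    // "::error::" is the GitHub Actions workflow command for an error annotation.
    log(`::error::${err.message}${hint}`);
    return { exitCode: 1, error: err };
  }
}
```

A caller would end with `process.exit((await runStep(args)).exitCode)` so the job turns red when the review cannot be posted.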