Increase token permissions, to view draft releases

Draft releases are viewable to users with write permissions on the repository. Accordingly, for a GitHub tokens for a GitHub Actions job to be able to view draft releases, it needs `contents: write`, even if (as here) it is neither changing any state associated with the release nor accessing other repository content in any way. (It does read and write the discussion, but `content` doesn't cover that.) Otherwise, attempting to view the release would have the same effect whether the release exists but is a draft, or does not exist at all. Even in testing, we do not want the job to go ahead and announce a nonexistent release, such as one that has been deleted (including deleted after the job has run but before it is re-run), into a discussion. So it can be useful to distingiush those cases.
EliahKagan · Nov 20, 2024 · fe5c3ac · fe5c3ac
1 parent 4c1f540
commit fe5c3ac
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -435,7 +435,7 @@ jobs:
     needs: [ create-release, publish-release ]
 
     permissions:
-      contents: read
+      contents: write  # Needed to distinguish unpublished (still draft) from missing releases.
       discussions: write
 
     env: