Fix deploy previews for external contributors

[fulopkovacs]

One external contributor opened up a PR, but the Deploy Preview action failed:

https://github.com/fulopkovacs/trytanstackdb.com/actions/runs/20492081292/job/58886072298

This PR tries to fix that issue.

Summary by CodeRabbit

• Chores
  • Updated workflow permissions to enable automated issue management capabilities within the continuous integration pipeline.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

A new permission "issues: write" is added to the GitHub Actions workflow configuration in .github/workflows/main.yml. All other permissions and workflow functionality remain unchanged.

Changes

Cohort / File(s)	Summary
GitHub Actions Configuration .github/workflows/main.yml	Added "issues: write" permission to the permissions section to enable write access to repository issues

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding 'issues: write' permission to fix Deploy Preview failures for external contributors, which aligns with the PR's stated objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-deploy-previews-for-all-prs

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 72a312f and 5a9c042.

📒 Files selected for processing (1)

• .github/workflows/main.yml

🔇 Additional comments (1)

.github/workflows/main.yml (1)

10-13: This solution is incomplete for fork PR write access.

The workflow uses pull_request trigger and multiple github.rest.issues.* API calls that require write permissions. However, simply adding issues: write to the permissions block does not grant write access to the GITHUB_TOKEN for pull requests from forks. By default, GitHub restricts GITHUB_TOKEN to read-only for fork PRs, regardless of declared permissions in the workflow file.

To enable writing to PRs from external contributors, one of these approaches is required:

• Have repository administrators enable "Send write tokens to pull requests from forks" in Actions settings
• Use a personal access token (PAT) stored as a secret instead of GITHUB_TOKEN
• Switch to pull_request_target trigger (requires careful handling of untrusted code)

Verify which approach is intended before merging.

Likely an incorrect or invalid review comment.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 Preview Deployment

Status: ✅ Ready!

Preview URL: Open Preview

Commit: 5a9c0424322ae7db388892c9030b57cb08ea9190

Built and deployed successfully