
Add attestations: write permission to app-builder workflow #1

Merged: mrdynamo merged 2 commits into main from copilot/fix-attestations-permission on Feb 11, 2026

Copilot AI commented Feb 11, 2026

The attest job fails with "Resource not accessible by integration" when calling actions/attest-build-provenance. The workflow defines an explicit permissions block that overrides inherited permissions from the parent workflow.

Changes

  • Added attestations: write to the permissions block in .github/workflows/app-builder.yaml

```yaml
permissions:
  contents: read
  packages: write
  id-token: write
  attestations: write  # Added
```

The parent release.yaml workflow passes attestations: write, but when a reusable workflow defines its own permissions block, it replaces rather than extends the inherited permissions.

Original prompt

The attest job in the App Builder workflow is failing with "Resource not accessible by integration" error when attempting to create attestations. This is because the app-builder.yaml workflow is missing the attestations: write permission in its permissions block.

While the parent release.yaml workflow correctly passes attestations: write to the called workflow, the app-builder.yaml defines its own permissions block that overrides the inherited permissions. The permissions section currently only includes:

  • contents: read
  • packages: write
  • id-token: write

The attestations: write permission needs to be explicitly added to allow the actions/attest-build-provenance action to successfully create and persist attestations.

Fix: Add attestations: write to the permissions block in .github/workflows/app-builder.yaml

This pull request was created from Copilot chat.



Co-authored-by: mrdynamo <675855+mrdynamo@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix missing attestations write permission in app builder workflow" to "Add attestations: write permission to app-builder workflow" Feb 11, 2026
Copilot AI requested a review from mrdynamo February 11, 2026 01:35
mrdynamo marked this pull request as ready for review February 11, 2026 01:37
mrdynamo merged commit 4851ae0 into main Feb 11, 2026
4 checks passed
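
Added example (not part of this pull request or the repository's code): a small Python model of how GITHUB_TOKEN scopes resolve for a job in a called workflow, run against the permissions block before and after this change. The caller grant in `CALLER` is constructed, since release.yaml is not shown on this page, and the function names are hypothetical.

```python
"""Model of GITHUB_TOKEN scope resolution for a called (reusable) workflow."""

LEVELS = {"none": 0, "read": 1, "write": 2}

# Scopes actions/attest-build-provenance needs: an OIDC token to sign with,
# and write access to store the resulting attestation.
ATTEST_REQUIRED = {"id-token": "write", "attestations": "write"}


def effective_permissions(caller_grant, callee_block):
    """Return the scopes a job in the called workflow ends up with.

    caller_grant: scopes the calling job passes down.
    callee_block: the called workflow's own `permissions:` mapping,
                  or None when it declares no block at all.
    """
    if callee_block is None:
        return dict(caller_grant)  # nothing declared: the caller's grant applies
    effective = {}
    for scope in set(caller_grant) | set(callee_block):
        declared = callee_block.get(scope, "none")  # unlisted scope => none
        granted = caller_grant.get(scope, "none")
        # A called workflow can keep or reduce a scope, never raise it;
        # this model caps the scope at the caller's level.
        effective[scope] = min(declared, granted, key=LEVELS.__getitem__)
    return effective


def missing_scopes(effective, required=ATTEST_REQUIRED):
    """List required scopes that the effective token does not satisfy."""
    return sorted(
        scope for scope, level in required.items()
        if LEVELS[effective.get(scope, "none")] < LEVELS[level]
    )


# Constructed inputs. CALLER is an assumption about what release.yaml grants.
CALLER = {"contents": "read", "packages": "write",
          "id-token": "write", "attestations": "write"}
BEFORE = {"contents": "read", "packages": "write", "id-token": "write"}
AFTER = {**BEFORE, "attestations": "write"}

if __name__ == "__main__":
    for label, block in (("before", BEFORE), ("after", AFTER)):
        print(label, missing_scopes(effective_permissions(CALLER, block)))
```

The same check reports `attestations` as missing when the called workflow declares it but the caller never grants it, so both files have to agree on the scope.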