Increase token permissions, to view draft releases

EliahKagan · EliahKagan · commit fe5c3accaa5a · 2024-11-20T05:55:03.000-05:00
Draft releases are viewable to users with write permissions on the
repository. Accordingly, for a GitHub tokens for a GitHub Actions
job to be able to view draft releases, it needs `contents: write`,
even if (as here) it is neither changing any state associated with
the release nor accessing other repository content in any way. (It
does read and write the discussion, but `content` doesn't cover
that.)

Otherwise, attempting to view the release would have the same
effect whether the release exists but is a draft, or does not exist
at all. Even in testing, we do not want the job to go ahead and
announce a nonexistent release, such as one that has been deleted
(including deleted after the job has run but before it is re-run),
into a discussion. So it can be useful to distingiush those cases.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -435,7 +435,7 @@ jobs:
     needs: [ create-release, publish-release ]
 
     permissions:
-      contents: read
+      contents: write  # Needed to distinguish unpublished (still draft) from missing releases.
       discussions: write
 
     env:
