26477982041
95%

Ran 26 May 2026 10:14PM UTC

Jobs 1

Files 89

Run time 1min

Badge

Embed ▾

Committed 26 May 2026 10:08PM UTC coverage: 94.991% (-0.01%) from 95.005%

Build # 26477982041

Build Type

push

github

Committed by

web-flow

Commit Message

fix(release-sign): grant provenance job contents:write for parse-time validation (#529)

The SLSA generator's upload-assets nested job declares `contents: write`
as a required permission. GH Actions validates the declared permissions
of every nested job in a reusable workflow at workflow parse time —
*regardless of `if:` conditions* — and rejects the workflow when the
caller's permissions block can't cover all nested jobs.

PR #526 dropped `contents: write` from the provenance job (because
upload-assets is false, the upload nested job never runs at runtime).
That ran into:

  The nested job 'upload-assets' is requesting 'contents: write',
  but is only allowed 'contents: read'.

(Observed in run 26477192619.)

Restore `contents: write` to the provenance job's permissions block.
The upload-assets nested job is still gated off by `upload-assets: false`
in `with:`, so the PATCH against an immutable release that broke PR #521
still never executes — but the workflow parses.

A comment explains the parse-time-vs-runtime distinction so a future
maintainer who follows the principle of least privilege doesn't strip
it again.

Coverage Stats

13445 of 14154 relevant lines covered (94.99%)

412332.99 hits per line

Coverage Regressions

Lines	Coverage	∆	File
2	78.49	-0.56%	crates/tsoracle-paxos-toolkit/src/lifecycle/mod.rs

Jobs

ID	Job ID	Ran	Files	Coverage
1	26477982041.1	26 May 2026 10:14PM UTC	89	94.99	GitHub Action Run

prisma-risk / tsoracle / 26477982041
95%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Coverage Regressions

Jobs

Source Files on build 26477982041

prisma-risk / tsoracle / 26477982041 95%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Coverage Regressions

Jobs

Source Files on build 26477982041

prisma-risk / tsoracle / 26477982041
95%

README BADGES
x