Description
When PK updates workflow files during a dependency update, pushing the changes fails because workflows permissions are missing for the workflow. See also https://github.com/exasol/google-cloud-storage-document-files-virtual-schema/actions/runs/9311902315/job/25631964808
...
Adding untracked files:
add '.github/workflows/broken_links_checker.yml'
add '.github/workflows/ci-build-next-java.yml'
add '.github/workflows/ci-build.yml'
add 'dependencies.md'
add 'doc/changes/changelog.md'
add 'doc/user_guide/user_guide.md'
add 'pk_generated_parent.pom'
add 'pom.xml'
add 'src/test/java/com/exasol/adapter/document/files/IntegrationTestSetup.java'
add 'doc/changes/changes_2.0.4.md'
Committing changes...
[dependency-update/20240531022012 f23230e] 🔐 Update dependencies to fix vulnerabilities
10 files changed, 63 insertions(+), 28 deletions(-)
create mode 100644 doc/changes/changes_2.0.4.md
Pushing branch dependency-update/20240531022012...
To https://github.com/exasol/google-cloud-storage-document-files-virtual-schema
! [remote rejected] dependency-update/20240531022012 -> dependency-update/20240531022012 (refusing to allow a GitHub App to create or update workflow `.github/workflows/broken_links_checker.yml` without `workflows` permission)
error: failed to push some refs to 'https://github.com/exasol/google-cloud-storage-document-files-virtual-schema'
Error: Process completed with exit code 1.
The workflow dependencies_update.yml runs PK fix which potentially updates workflows.
Due to restrictions of GitHub permissions it is not possible for a workflow triggered by an event to modify GitHub workflows (see https://github.com/orgs/community/discussions/35410). That's why pushing the changes failed. A workaround would be to use a separate PAT, but this is too much effort.
We decided to skip running PK fix. The user must checkout the branch locally and run PK fix manually.