Skip to content

Update GitHub Actions workflow permissions for package publishing#362

Merged
jasonleenaylor merged 2 commits intomasterfrom
copilot/update-github-actions-permissions
Feb 6, 2026
Merged

Update GitHub Actions workflow permissions for package publishing#362
jasonleenaylor merged 2 commits intomasterfrom
copilot/update-github-actions-permissions

Conversation

Copy link
Contributor

Copilot AI commented Feb 6, 2026
edited
Loading

The workflow was failing to publish NuGet packages to GitHub Packages during pull requests because the default GITHUB_TOKEN lacked explicit package write permissions.

Changes

  • Added workflow-level permissions block to .github/workflows/ci-cd.yml: 
    permissions:
  contents: read
  packages: write

This grants the "Publish to Github packages" step the necessary permissions to push packages to nuget.pkg.github.com/sillsdev/index.json during PR builds.

Original prompt

Problem

The GitHub Actions workflow is failing when attempting to publish NuGet packages to GitHub Packages during pull requests. The step "Publish to Github packages" is encountering permission errors because the default GITHUB_TOKEN doesn't have explicit write permissions for packages.

Solution

Update the .github/workflows/ci-cd.yml file to include explicit permissions at the workflow level:

permissions:
  contents: read
  packages: write

Add this permissions block after the on: trigger section (around line 10, before the jobs: section).

Expected Outcome

After this change:

  • The workflow will have explicit write permission for GitHub Packages
  • The "Publish to Github packages" step will succeed during pull request builds
  • NuGet packages will be successfully published to nuget.pkg.github.com/sillsdev/index.json

File to Modify

  • .github/workflows/ci-cd.yml - Add the permissions block at the workflow level (between the on: section and jobs: section)

Reference

The specific step that needs these permissions:

- name: Publish to Github packages
  if: github.event_name == 'pull_request' && matrix.os == 'ubuntu-22.04'
  run: dotnet nuget push artifacts/*.nupkg -s https://nuget.pkg.github.com/sillsdev/index.json -k ${{secrets.GITHUB_TOKEN}} --skip-duplicate

This pull request was created from Copilot chat.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

This change is Reviewable

@jasonleenaylor
Add permissions for GitHub Packages publishing to workflow
bd29b55 
Co-authored-by: jasonleenaylor <2295227+jasonleenaylor@users.noreply.github.com>
@jasonleenaylor jasonleenaylor marked this pull request as ready for review February 6, 2026 18:20
Copilot AI changed the title [WIP] Update GitHub Actions workflow permissions for package publishing Add explicit permissions for GitHub Packages publishing Feb 6, 2026
@jasonleenaylor jasonleenaylor changed the title Add explicit permissions for GitHub Packages publishing Update GitHub Actions workflow permissions for package publishing Feb 6, 2026
Copilot AI requested a review from jasonleenaylor February 6, 2026 18:21
@jasonleenaylor jasonleenaylor enabled auto-merge (squash) February 6, 2026 18:23
@jasonleenaylor jasonleenaylor merged commit 640bb4c into master Feb 6, 2026
2 of 3 checks passed
@jasonleenaylor jasonleenaylor deleted the copilot/update-github-actions-permissions branch February 6, 2026 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonleenaylor jasonleenaylor Awaiting requested review from jasonleenaylor

Assignees

@jasonleenaylor jasonleenaylor

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jasonleenaylor