Commit 438f922

Use job-level permissions in caller workflows (#7817)
## Summary

Move permissions from workflow level to job level in caller workflows for the reusable Claude Code workflow. Updates test-infra's own caller and the setup script template.

Verified job-level permissions working on ciforge: https://github.com/pytorch/ciforge/actions/runs/22781976814

## Test plan

- [x] Job-level permissions verified working on ciforge (run linked above)
1 parent 90602a5 commit 438f922

2 files changed

+10
-12
lines changed


.github/scripts/setup-claude-environment.py

Lines changed: 5 additions & 6 deletions
@@ -41,15 +41,14 @@
4141
issues:
4242
types: [opened]
4343
44-
permissions:
45-
contents: read
46-
pull-requests: write
47-
issues: write
48-
id-token: write
49-
5044
jobs:
5145
claude-code:
5246
uses: pytorch/test-infra/.github/workflows/_claude-code.yml@main
47+
permissions:
48+
contents: read
49+
pull-requests: write
50+
issues: write
51+
id-token: write
5352
secrets: inherit
5453
"""
5554
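Review bot: The `uses:` line in this template still references `pytorch/test-infra/.github/workflows/_claude-code.yml@main`, a mutable branch ref, and the job now grants it `pull-requests: write`, `issues: write` and `id-token: write` alongside `secrets: inherit`. Because this is the template the setup script emits for caller workflows, consider pinning the reference to a full commit SHA or a release tag so that a later change on `main` does not automatically run with these grants in every caller. The permissions block is also duplicated between this template and `.github/workflows/claude-code.yml`; a comment noting that the two must stay in sync would guard against drift.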

.github/workflows/claude-code.yml

Lines changed: 5 additions & 6 deletions
@@ -6,13 +6,12 @@ on:
66
issues:
77
types: [opened]
88

9-
permissions:
10-
contents: read
11-
pull-requests: write
12-
issues: write
13-
id-token: write
14-
159
jobs:
1610
claude-code:
1711
uses: ./.github/workflows/_claude-code.yml
12+
permissions:
13+
contents: read
14+
pull-requests: write
15+
issues: write
16+
id-token: write
1817
secrets: inherit
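Review bot: `secrets: inherit` on the `claude-code` job is left unchanged, so the called workflow still receives every secret available to the caller even though the token scopes are now narrowed to the job. Given that the workflow triggers on `issues: types: [opened]`, consider replacing it with an explicit `secrets:` mapping that names only the secrets `_claude-code.yml` declares. A short comment above `id-token: write` stating why the job needs it would also help future readers judge whether the scope can be dropped.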
