fix: claude github action write permission for PR

2026-05-18 11:06:19 +00:00 · 2026-01-08 15:09:37 -08:00
parent 9643c09111
commit eb15382825
1 changed files with 5 additions and 10 deletions
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -19,11 +19,11 @@ jobs:
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
    runs-on: ubuntu-latest
    permissions:
-      contents: read
-      pull-requests: read
+      contents: write        # Can push branches and create commits
+      pull-requests: write   # Can create and update PRs
      issues: read
      id-token: write
-      actions: read # Required for Claude to read CI results on PRs
+      actions: read          # Required for Claude to read CI results on PRs
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
@@ -40,11 +40,6 @@ jobs:
          additional_permissions: |
            actions: read

-          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
-          # prompt: 'Update the pull request description to include a summary of changes.'
-
-          # Optional: Add claude_args to customize behavior and configuration
-          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
-          # or https://code.claude.com/docs/en/cli-reference for available options
-          # claude_args: '--allowed-tools Bash(gh pr:*)'
+          # Allow all tools - branch protection rules at repo level prevent direct pushes to main/master
+          # Omitting --allowedTools means all tools are available by default