During scorecard work (PR #146 failure) and #148 handling, we noticed the root cause of auto-approve GraphQL failures on workflow-touching PRs is the App lacking workflows:write.
We added a code workaround (skip auto-merge for such PRs in auto-approve.yml) and closed #148.
However, the preferred fix (grant the permission via org settings + accept) was not completed because it requires browser interaction / CDP sign-in + sudo.
This is a noticed issue where we jumped to a workaround instead of the real admin action.
See merged #152 for the workaround.
Please grant it manually: at https://github.com/organizations/patchloom/settings/apps/patchloom-release/permissions, set Workflows to Read and write, then accept on the installations page.
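
The skip-auto-merge workaround and the missing permission described above, combined into one preflight check as an added example (not code from this repository or its auto-approve.yml). The function names and sample payloads are constructed; the `permissions` object and the `filename` / `previous_filename` fields are assumed to match GitHub's REST responses for an App installation and for a pull request's file list.

```python
WORKFLOW_DIR = ".github/workflows/"


def workflow_paths(pr_files):
    """Workflow files a PR adds, edits, deletes or renames (either side of a rename)."""
    hits = set()
    for entry in pr_files:
        for key in ("filename", "previous_filename"):
            path = entry.get(key)
            if path and path.startswith(WORKFLOW_DIR):
                hits.add(path)
    return sorted(hits)


def automerge_decision(installation, pr_files):
    """Return (action, reason), where action is 'enable' or 'skip'."""
    touched = workflow_paths(pr_files)
    if not touched:
        return "enable", "no workflow files touched"
    # An installation that was never granted the permission has no 'workflows' key.
    if installation.get("permissions", {}).get("workflows") == "write":
        return "enable", "App holds workflows:write"
    return "skip", "App lacks workflows:write; PR touches " + ", ".join(touched)


# Constructed sample payloads (not taken from the real installation or PRs).
INSTALLATION_BEFORE = {"permissions": {"contents": "write", "pull_requests": "write"}}
INSTALLATION_AFTER = {
    "permissions": {**INSTALLATION_BEFORE["permissions"], "workflows": "write"}
}
PR_DOCS = [{"filename": "README.md", "status": "modified"}]
PR_WORKFLOW = [{"filename": ".github/workflows/scorecard.yml", "status": "modified"}]
PR_RENAME = [{
    "filename": "ci/old.yml",
    "previous_filename": ".github/workflows/old.yml",
    "status": "renamed",
}]

if __name__ == "__main__":
    for label, inst in (("before grant", INSTALLATION_BEFORE),
                        ("after grant", INSTALLATION_AFTER)):
        for files in (PR_DOCS, PR_WORKFLOW, PR_RENAME):
            print(label, files[0]["filename"], automerge_decision(inst, files))
```

Logging the skip reason keeps the workaround visible, so a skipped PR points back at the missing permission rather than looking like a silent pass.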