-
Notifications
You must be signed in to change notification settings - Fork 27
Fix publishing flow #59
Copy link
Copy link
Open
Labels
triage meI really want to be triaged.I really want to be triaged.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Description
Metadata
Metadata
Assignees
Labels
triage meI really want to be triaged.I really want to be triaged.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
The current publishing flow fails after a PR is merged because the reusable workflow publish-mcp.yml requires id-token: write for OIDC authentication.
Since this workflow is called transitively via publish.yml from release-please.yml, and the top-level workflow does not grant id-token permissions, GitHub rejects the workflow during validation. REusable workflows cannot request permissions that exceed those explicitly allowed by their callers.