From 7d6bfd4f83c66ea318c219e6887f0f8ec4ce2070 Mon Sep 17 00:00:00 2001 From: Nubenetes Bot Date: Thu, 21 May 2026 22:04:54 +0200 Subject: [PATCH] fix: resolve workflow YAML syntax and implement security safety reset - Removed conflictive 'workflows: write' permission. - Added 'Safety Reset for Workflow Files' step to prevent GHA from trying to self-modify configuration files during the PR sync. - This ensures the PR will only contain technical metadata and V2 documentation, avoiding permission rejections. --- .github/workflows/agentic_v2_builder.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/agentic_v2_builder.yml b/.github/workflows/agentic_v2_builder.yml index 1919bce3..8722e8cf 100644 --- a/.github/workflows/agentic_v2_builder.yml +++ b/.github/workflows/agentic_v2_builder.yml @@ -25,7 +25,6 @@ on: permissions: contents: write pull-requests: write - workflows: write concurrency: group: v2-builder-${{ github.ref }} @@ -91,6 +90,11 @@ jobs: python src/readme_updater.py python src/safety_readme.py + - name: Safety Reset for Workflow Files (Security) + run: | + # Prevent security rejection by ensuring no workflow YAMLs are part of the PR + git checkout HEAD -- .github/workflows/ + - name: Create Pull Request for V2 Elite Update id: cpr uses: peter-evans/create-pull-request@v8