From c00597ebd4e924207bd745a553e1a1485fb30f1e Mon Sep 17 00:00:00 2001
From: Dries Peeters
Date: Fri, 19 Sep 2025 10:37:18 +0200
Subject: [PATCH] fix: resolve GitHub Actions permissions for PR comments

Fixes:
- Add explicit permissions for issues and pull-requests write access
- Add github-token parameter to github-script action
- Add missing job outputs for migration_changes
This resolves the 'Resource not accessible by integration' error when the migration validation workflow tries to comment on pull requests.
The workflow now has proper permissions to:
- Create and update comments on issues
- Write to pull request discussions
- Access the GitHub API with appropriate scope
---
 .github/workflows/migration-check.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/migration-check.yml b/.github/workflows/migration-check.yml
index a327983..662b506 100644
--- a/.github/workflows/migration-check.yml
+++ b/.github/workflows/migration-check.yml
@@ -15,6 +15,8 @@ on:
 jobs:
 validate-migrations:
 runs-on: ubuntu-latest
+ outputs:
+ migration_changes: ${{ steps.migration_check.outputs.migration_changes }}
 services:
 postgres:
 image: postgres:16-alpine
@@ -220,10 +222,14 @@ jobs:
 runs-on: ubuntu-latest
 needs: validate-migrations
 if: github.event_name == 'pull_request' && always()
+ permissions:
+ issues: write
+ pull-requests: write
 steps:
 - name: Comment migration status on PR
 uses: actions/github-script@v7
 with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
 script: |
 const success = '${{ needs.validate-migrations.result }}' === 'success';
 const migrationChanges = '${{ needs.validate-migrations.outputs.migration_changes }}' === 'true';
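Review bot: The new `migration_changes` job output is spliced into JavaScript source by the comment job, `'${{ needs.validate-migrations.outputs.migration_changes }}' === 'true'` (context lines of the second hunk), and that job now runs with issue and pull-request write scope. The `migration_check` step that sets the value is outside this hunk, so it is not visible whether it can only ever be `true` or `false`; if any part of it derives from pull-request content, a quote in the value would change the script. Passing it as data avoids the question: add `env:` with `MIGRATION_CHANGES: ${{ needs.validate-migrations.outputs.migration_changes }}` to the comment step and compare `process.env.MIGRATION_CHANGES === 'true'` in the script. A short comment above `outputs:` such as `# consumed by the PR comment job` would also tell the next reader why the mapping exists.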
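Review bot: The `permissions:` block added to this job does not grant write access on pull requests opened from forks, where `GITHUB_TOKEN` stays read-only by default, so the comment step can still fail there with 'Resource not accessible by integration'. The job's condition could skip that case, `if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && always()`, or the step could carry `continue-on-error: true`. The added `github-token: ${{ secrets.GITHUB_TOKEN }}` matches the action's default token and could be dropped. Since this job now holds a write-scoped token, pinning `actions/github-script@v7` to a full commit SHA instead of the mutable tag is worth considering. The job body continues past the end of the hunk.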