From c6008697896795e58093020bb9dee43b1ca2d123 Mon Sep 17 00:00:00 2001
From: Eric Crosson <ericcrosson@bitgo.com>
Date: Fri, 1 May 2026 18:56:53 +0000
Subject: [PATCH] fix: grant pull-requests write permission in release workflow

@semantic-release/github's success step fetches commits from PRs
referenced in release commit messages. Without explicit permissions,
the GITHUB_TOKEN lacks pull_requests=read scope, causing 404 errors
on PRs from the upstream repo's history.

Ticket: DX-916
---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4b7efeb..5f304c6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,6 +18,10 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
 
     steps:
       - name: Release