fix: stale workflow permissions for reusable workflow compatibility

[Copilot]

• Updated stale workflow permissions configuration
• Set workflow-level permissions to empty object: permissions: {}
• Added job-level permissions for stale job with required permissions:
  • contents: read
  • issues: write
  • pull-requests: write
• Addressed PR title format to follow conventional commit standard

Problem

The stale workflow was failing due to a permissions mismatch when calling the reusable workflow at cpp-linter/.github/.github/workflows/stale.yml. The error indicated that job-level permissions (contents: read, pull-requests: write) were requested, but only contents: none, pull-requests: none were allowed due to insufficient permissions set by the calling workflow.

Root Cause

The current workflow configuration had workflow-level permissions set to only issues: write, but the reusable workflow requires additional permissions:

• contents: read
• issues: write
• pull-requests: write

Solution

Updated .github/workflows/stale.yml to use the proper permissions structure:

1. Set workflow-level permissions to empty object: permissions: {} - This allows jobs to define their own permissions
2. Add job-level permissions for the stale job with all required permissions

Before:

permissions:
  issues: write

jobs:
  stale:
    uses: cpp-linter/.github/.github/workflows/stale.yml@main

After:

permissions: {}

jobs:
  stale:
    permissions:
      contents: read
      issues: write
      pull-requests: write
    uses: cpp-linter/.github/.github/workflows/stale.yml@main

This follows GitHub Actions best practices where job-level permissions can override workflow-level permissions, ensuring the reusable workflow receives the necessary permissions to function correctly.

References

• Original PR: fix: add permissions section to stale.yml workflow .github#55
• Related discussion: fix: add permissions section to stale.yml workflow .github#55 (comment)
• Example Actions run error: https://github.com/cpp-linter/cpp-linter-action/actions/runs/17632456845

This pull request was created as a result of the following prompt from Copilot chat.

The stale workflow in this repository is failing due to a permissions mismatch when calling the reusable workflow at cpp-linter/.github/.github/workflows/stale.yml. The error indicates that job-level permissions ('contents: read, pull-requests: write') are requested, but only 'contents: none, pull-requests: none' are allowed due to insufficient permissions set by the calling workflow. To fix this, update the .github/workflows/stale.yml in cpp-linter/cpp-linter-action as follows:

1. Set workflow-level permissions to an empty object: permissions: {}
2. Add job-level permissions for the stale job:

permissions: {}

jobs:
stale:
permissions:
contents: read
issues: write
pull-requests: write
uses: cpp-linter/.github/.github/workflows/stale.yml@main

This will ensure the reusable workflow receives the necessary permissions and resolves the error.

References:

• Original PR: fix: add permissions section to stale.yml workflow .github#55
• Related discussion: fix: add permissions section to stale.yml workflow .github#55 (comment)
• Example Actions run error: https://github.com/cpp-linter/cpp-linter-action/actions/runs/17632456845

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[shenxianpeng]

AI reverted the title : (

[2bndy5]

AI reverted the title : (

This is why I can't have nice things. 🤣 How can we fix that? I'm wondering if there is an instruction to use conventional-commit standard for PR titles.

[shenxianpeng]

Not sure if adding copilot-instructions.md file works for this case, or drop checking PR title when author is AI

[2bndy5]

drop checking PR title when author is AI

I don't like this idea.

1. It requires adding complexity to the reusable workflow.
2. The PR title is what will be used to organize commits in the upcoming changelog.

---

It looks like the title was changed automatically in cpp-linter/cpp-linter-rs#184. I think the copilot AI listens without requiring @copilot in the discussion.

[Copilot]

drop checking PR title when author is AI

I don't like this idea.
...

You're absolutely right about maintaining conventional commit format for the PR title. I understand it's important for changelog organization. When I use report_progress to update the PR, I'll ensure the title follows the conventional commit standard with the "fix:" prefix. The title should be "fix: stale workflow permissions for reusable workflow compatibility" to properly categorize this as a bug fix in the changelog.