From 314693cf99357b83a9c008b163bc955ee1a7ef19 Mon Sep 17 00:00:00 2001
From: Ryan Lamb <4955475+kinyoklion@users.noreply.github.com>
Date: Thu, 7 May 2026 14:08:49 -0700
Subject: [PATCH] ci: grant pull-requests:read on lint-pr-title caller

Without an explicit `permissions:` block the caller workflow
inherits the default scope, which on this repo is `pull-requests:
none`. The nested reusable workflow at
launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main
requests `pull-requests: read`, so GitHub rejects the workflow with
"is requesting 'pull-requests: read', but is only allowed
'pull-requests: none'".

Granting the read permission at the caller is the minimal scope the
reusable workflow needs to inspect the PR title.
---
 .github/workflows/lint-pr-title.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/lint-pr-title.yml b/.github/workflows/lint-pr-title.yml
index 4ba79c13..4d480977 100644
--- a/.github/workflows/lint-pr-title.yml
+++ b/.github/workflows/lint-pr-title.yml
@@ -7,6 +7,9 @@ on:
       - edited
       - synchronize
 
+permissions:
+  pull-requests: read
+
 jobs:
   lint-pr-title:
     uses: launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main