From 8e7ea541995903c7f4aaf28bbd950a08bee4298b Mon Sep 17 00:00:00 2001 From: Ivan Shymko Date: Thu, 2 Apr 2026 14:10:53 +0200 Subject: [PATCH] ci: fix spelling action failure (#922) There is [code in spelling check](https://github.com/check-spelling/check-spelling/blob/c635c2f3f714eec2fcf27b643a1919b9a811ef2e/unknown-words.sh#L182) which probes branch renaming to make sure that pipeline is set up according to the [guide](https://docs.check-spelling.dev/Feature:-Restricted-Permissions). It doesn't specify request body and looks for a specific message in the response assuming that token check happens before body validation. Seems like GitHub change behavior and body schema is validated before permissions, so such request fails with a different error now: ``` curl -s -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_TOKEN" \ "https://api.github.com/repos/a2aproject/a2a-python/branches/1.0-dev/rename" { "message": "Invalid request.\n\nFor 'links/0/schema', nil is not an object.", "documentation_url": "https://docs.github.com/rest/branches/branches#rename-a-branch", "status": "422" } ``` Providing body gives a proper error: ```json { "message": "Resource not accessible by personal access token", "documentation_url": "https://docs.github.com/rest/branches/branches#rename-a-branch", "status": "403" } ``` Trying to update the workflow according to the sample https://raw.githubusercontent.com/check-spelling/spell-check-this/main/.github/workflows/spelling.yml. --- .github/workflows/spelling.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/spelling.yaml b/.github/workflows/spelling.yaml index 49b09a87b..06112aa5a 100644 --- a/.github/workflows/spelling.yaml +++ b/.github/workflows/spelling.yaml @@ -1,7 +1,7 @@ --- name: Check Spelling on: - pull_request: + pull_request_target: branches: ['**'] types: [opened, reopened, synchronize] issue_comment: @@ -11,6 +11,7 @@ jobs: name: Check Spelling permissions: contents: read + pull-requests: read actions: read security-events: write outputs: