ci: allow ready-for-review workflow to edit labels #810

Closed
thepastaclaw wants to merge 1 commit into
dashpay:dev from
thepastaclaw:fix-ready-for-review-permissions
thepastaclaw commented Jun 14, 2026

Contributor

Ready-for-review label permissions

Summary

  • Scope the workflow default token to contents: read.
  • Grant issues: write only to the evaluate job that mutates PR labels.
  • Keep ready-for-review label addition non-fatal, matching existing
    label-removal cleanup paths.

Fixes #809.

Motivation

The ready-for-review workflow currently reaches:

All conditions met. Adding ready-for-review label.

and then fails with:

GraphQL: Resource not accessible by integration (addLabelsToLabelable)

GitHub PR labels are issue labels, so the workflow needs issues: write when
calling gh pr edit --add-label or gh pr edit --remove-label.

Validation

  • python3 assertion check confirmed the workflow contains scoped
    issues: write permissions and non-fatal add-label handling.
  • git diff --check upstream/dev..HEAD
  • code-review dashpay/rust-dashcore upstream/dev fork/fix-ready-for-review-permissions
    • Result: Recommendation: ship

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflow configuration to clarify permission settings and improve reliability of automated CI processes by preventing non-critical labeling failures from blocking workflow execution.
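
An added example, not part of the PR or the project's code: a small Python audit of the permission layout the description above calls for (read-only workflow default, `issues: write` only on the job that runs `gh pr edit --add-label`). The workflow text is a constructed sample, `$PR` is a placeholder, and the names `scan` and `audit` are hypothetical; the parser assumes 2-space indentation rather than full YAML.

```python
import re

LABEL_EDIT = re.compile(r"gh pr edit\b.*--(add|remove)-label")
# Constructed samples, trimmed to the evaluate job; not the project's file.
FIXED = """\
permissions:
  contents: read
jobs:
  evaluate:
    permissions:
      contents: read
      issues: write
    steps:
      - run: gh pr edit "$PR" --add-label "ready-for-review" || true
"""
WEAK = FIXED.replace("      issues: write\n", "")  # job-level grant missing

def scan(text):  # assumes 2-space indentation
    top, jobs, section, job, target = None, {}, None, None, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, val = (part.strip() for part in line.partition(":"))
        block = {"*": val} if val else {}  # scalar form such as write-all
        if indent == 0:
            section, job, target = key, None, None
            if key == "permissions":
                top = target = block
        elif section == "jobs" and indent == 2:
            job, target = key, None
            jobs[job] = {"labels": False}
        elif section == "jobs" and indent == 4:
            target = jobs[job].setdefault("perms", block) if key == "permissions" else None
        elif target is not None:
            target[key] = val
        if job and LABEL_EDIT.search(line):
            jobs[job]["labels"] = True
    return top, jobs

def audit(text):
    top, jobs = scan(text)
    findings = [] if top is not None else ["workflow: no top-level permissions block"]
    if top and any("write" in v for v in top.values()):
        findings.append("workflow: write scope at workflow level")
    for name, info in jobs.items():  # a job-level block replaces the workflow one
        perms = info["perms"] if "perms" in info else (top or {})
        if info["labels"] and "write" not in perms.get("issues", perms.get("*", "")):
            findings.append(f"{name}: label edit without an explicit issues: write grant")
    return findings
```

`audit(FIXED)` returns no findings, while `audit(WEAK)` flags the `evaluate` job, the configuration in which the label mutation is rejected.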

coderabbitai Bot commented Jun 14, 2026

Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3acfcbeb-7f96-42fb-8593-da49aab8ac41

📥 Commits

Reviewing files that changed from the base of the PR and between 981e97f and cb1f752.

📒 Files selected for processing (1)
  • .github/workflows/ready-for-review.yml

Walkthrough

Explicit permissions blocks are added at the workflow level and to the validate-triggers and evaluate jobs in .github/workflows/ready-for-review.yml. The evaluate job gains pull-requests: write, issues: write, and checks: read. The gh pr edit --add-label "ready-for-review" command is changed to be non-fatal by appending || true.

Changes

Ready-for-Review Workflow Permission Fix

| Layer / File(s) | Summary |
|---|---|
| Explicit permissions and non-fatal label add (.github/workflows/ready-for-review.yml) | Adds permissions: contents: read at the workflow level and to validate-triggers; adds pull-requests: write, issues: write, checks: read, and contents: read to the evaluate job. Changes gh pr edit --add-label "ready-for-review" to append \|\| true so a label mutation failure no longer fails the step. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A rabbit hops past the gate with glee,
issues: write sets the label free! 🐇
No more GraphQL walls in the night,
|| true keeps the workflow light.
The ready-for-review flag now flies right! 🏷️

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly refers to the main change: allowing the ready-for-review workflow to edit labels by fixing permission issues. |
| Linked Issues check | ✅ Passed | The changes fully address issue #809: adding issues: write permission and making label addition non-fatal, which resolves the GraphQL permission error. |
| Out of Scope Changes check | ✅ Passed | All changes are scoped to the ready-for-review workflow permission model and label mutation handling, directly addressing the linked issue. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@thepastaclaw

Contributor Author

@coderabbitai review

coderabbitai Bot commented Jun 14, 2026

Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

thepastaclaw marked this pull request as ready for review June 14, 2026 06:12

codecov Bot commented Jun 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.93%. Comparing base (981e97f) to head (cb1f752).
⚠️ Report is 1 commits behind head on dev.

Additional details and impacted files
@@            Coverage Diff             @@
##              dev     #810      +/-   ##
==========================================
- Coverage   72.97%   72.93%   -0.04%     
==========================================
  Files         323      323              
  Lines       71989    71989              
==========================================
- Hits        52534    52507      -27     
- Misses      19455    19482      +27     
| Flag | Coverage | Δ |
|---|---|---|
| core | 76.75% <ø> | (ø) |
| ffi | 46.99% <ø> | (-0.42%) ⬇️ |
| rpc | 20.00% <ø> | (ø) |
| spv | 90.29% <ø> | (+0.07%) ⬆️ |
| wallet | 71.64% <ø> | (ø) |
see 22 files with indirect coverage changes

github-actions Bot added the merge-conflict label (The PR conflicts with the target branch.) Jun 15, 2026
@github-actions

Contributor

This PR has merge conflicts with the base branch. Please rebase or merge the base branch into your branch to resolve them.

@thepastaclaw

Contributor Author

Closing this stale duplicate: the same workflow permission fix was merged via #811, which also resolves #809. No rebase needed here.

Labels

merge-conflict The PR conflicts with the target branch.

Development

Successfully merging this pull request may close these issues.

Ready-for-review label workflow lacks label mutation permission