From 8fc062a84e6c49e2c7d2437d53fd55e99e280260 Mon Sep 17 00:00:00 2001
From: Eden Zimbelman <eden.zimbelman@salesforce.com>
Date: Tue, 3 Feb 2026 21:57:43 -0800
Subject: [PATCH 1/2] ci: include workflow write permission for changelog steps

---
 .github/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f193dad34..64fff86d6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,6 +17,7 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
+      workflows: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

From a43f3a8a79e5112a65914ce4e504d9bbbcc75bdd Mon Sep 17 00:00:00 2001
From: Eden Zimbelman <eden.zimbelman@salesforce.com>
Date: Tue, 3 Feb 2026 22:33:13 -0800
Subject: [PATCH 2/2] ci: update changelog job permissions for changesets
 action

Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
---
 .github/workflows/release.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 64fff86d6..445f5fb29 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,8 +16,10 @@ jobs:
       hasChangesets: ${{ steps.changesets.outputs.hasChangesets }}
     permissions:
       contents: write
+      id-token: write
+      issues: read
+      packages: write
       pull-requests: write
-      workflows: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2