Starting today, apps and tokens used to create a release via the REST API endpoint will require the workflow
scope or workflows:write
permission in certain cases.
The workflow
scope or workflows:write
will be required when creating a release that targets a commit SHA (target_commitish
) that modifies an Actions workflow file and that SHA does not have an existing ref
(branch head or tag).
For more details see the REST API documentation or visit the GitHub Actions community if you have any questions.