From 3b13ba616ce554db69640524d9f21d2e725ea6d9 Mon Sep 17 00:00:00 2001
From: Douglas Eichelberger <doug.eichelberger@gusto.com>
Date: Thu, 5 Mar 2026 17:04:41 -0800
Subject: [PATCH] Add checks: write permission to standardrb workflow

Dependabot PRs run with a restricted GITHUB_TOKEN that lacks checks:write
by default, causing the standard-ruby-action to fail with a 403 when it
tries to create a Check Run. Explicitly granting checks: write (and
contents: read for checkout) fixes this.
---
 .github/workflows/standardrb.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/standardrb.yaml b/.github/workflows/standardrb.yaml
index 6003707..149326d 100644
--- a/.github/workflows/standardrb.yaml
+++ b/.github/workflows/standardrb.yaml
@@ -5,6 +5,9 @@ on: [push]
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      contents: read
     steps:
     - uses: actions/checkout@v1
     - name: StandardRB Linter