When the submission of dependency graph is enabled via with: dependency-graph: generate-and-submit but permissions are not sufficient with permissions: contents: read instead of write, the following warning in the annotations in summary of the build is displayed:
Failed to submit dependency graph dependency-graph-reports/build_description_service-build.json. Please ensure that the 'contents: write' permission is available for the workflow job. Note that this permission is never available for a 'pull_request' trigger from a repository fork.
The build still passes which makes it easy to miss. It would be better to fail the workflow run in case such misconfiguration is detected.
When the submission of dependency graph is enabled via
with: dependency-graph: generate-and-submitbut permissions are not sufficient withpermissions: contents: readinstead ofwrite, the following warning in the annotations in summary of the build is displayed:The build still passes which makes it easy to miss. It would be better to fail the workflow run in case such misconfiguration is detected.