[Bug]: (Enterprise Workflow) Permissions Says No (to reuse)

[dkfellows]

What happened?

When the apply-reuse workflow decides to apply a change to the workflows in a repository under an Enterprise, the Enterprise permissions model fails the workflow because it doesn't permit automatic commits to modify workflows (unless you set up a special PAT, which is annoying to do).

We need to exclude the contents of .github/workflow from being committed, and changes there must not on their own constitute a reason to fail the overall workflow.

What version of our actions are you running?

main

Which runner were you using?

ubuntu-latest

Relevant log output

Switched to a new branch 'add-license-headers-to-220-fidas-large-batch-processing-2026-01-15-13-56-29'
[add-license-headers-to-220-fidas-large-batch-processing-2026-01-15-13-56-29 42e4d0a] Add License and Copyright Headers
 3 files changed, 9 insertions(+), 1 deletion(-)
To https://github.com/UoMResearchIT/MAQS-Data-Processing
 ! [remote rejected] add-license-headers-to-220-fidas-large-batch-processing-2026-01-15-13-56-29 -> add-license-headers-to-220-fidas-large-batch-processing-2026-01-15-13-56-29 (refusing to allow a GitHub App to create or update workflow `.github/workflows/build-executable.yml` without `workflows` permission)
error: failed to push some refs to 'https://github.com/UoMResearchIT/MAQS-Data-Processing'

Note

The workflow permission can't be specified in a workflow. It can only be granted from outside, i.e., via PAT or other such special token. Easier to avoid.

[dkfellows]

The complex part wasn't filtering the commit, but rather ensuring that the branch was only pushed and comments made if there was a meaningful change.