fix: grant contents:write and pull-requests:write for tap repo

[luxass]

The app token needs write permissions to push the branch and create PRs in the tap repo

Summary by CodeRabbit

• Chores
  • Enhanced workflow configuration to support automated repository operations with updated permissions and credential handling.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f947dbc7-fdcf-41ec-b264-7e56571fd33c

📥 Commits

Reviewing files that changed from the base of the PR and between a8c7a9c and d662b1f.

📒 Files selected for processing (1)

• .github/workflows/reusable-homebrew-tap.yaml

---

Walkthrough

The PR updates token permissions and credentials handling in the reusable Homebrew tap workflow. GitHub App token generation now requests write access for repository contents and pull-requests (previously read-only), and the checkout step no longer sets persist-credentials: false, enabling subsequent repository write and pull-request operations.

Changes

Homebrew Tap Authentication

Layer / File(s)	Summary
Token Permissions and Credentials Update .github/workflows/reusable-homebrew-tap.yaml	GitHub App token permissions changed from read-only to write access for contents and pull-requests; checkout step credentials persistence behavior updated to allow later commit, push, and PR creation operations.

Possibly Related PRs

• luxass/shared-workflows#24: Both PRs modify .github/workflows/reusable-homebrew-tap.yaml authentication wiring for the Homebrew tap, with token and credentials handling updates for actions/checkout and PR creation.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

🐰 A token once timid, now bold and strong,
Write permissions granted—where they belong!
Credentials persist through the Homebrew tide,
With proper access, the workflow's your guide!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and specifically describes the main change: granting write permissions for contents and pull-requests in the tap repository workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-tap-perms

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}