fix(dev-lead): grant statuses:read (fixes startup_failure)

[don-petry]

The reusable workflow has requested statuses: read at the job level since #435, but this caller never granted it, so dispatch runs fail with startup_failure. Adds statuses: read to jobs.dev-lead.permissions.

Urgent: should merge before the 2026-06-07 04:30 UTC re-sweep (stuck PR #362).

Refs petry-projects/.github#402.

🤖 Generated with Claude Code

Summary by CodeRabbit

No user-facing changes in this release. Internal workflow permissions were updated to support development processes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1c486774-7706-453f-a970-6ed07a696b5a

📥 Commits

Reviewing files that changed from the base of the PR and between f3cde38 and 201dc63.

📒 Files selected for processing (1)

• .github/workflows/dev-lead.yml

---

📝 Walkthrough

Walkthrough

The .github/workflows/dev-lead.yml workflow's job-level permissions are extended with statuses: read permission. This addition enables the workflow to function properly with the reusable dev-lead-reusable.yml workflow that requires this permission.

Changes

Dev-Lead Workflow Permission Update

Layer / File(s)	Summary
Job permissions for reusable workflow compatibility .github/workflows/dev-lead.yml	The job-level permissions are updated to include statuses: read, adding the required permission for the reusable dev-lead-reusable.yml workflow.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the fix: granting the missing statuses:read permission to the dev-lead workflow and explains what it resolves (startup_failure).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/dev-lead-align

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[Copilot]

Pull request overview

This PR fixes GitHub Actions startup_failure for repository_dispatch runs by granting the missing statuses: read permission to the dev-lead job, matching the permissions required by the referenced reusable workflow.

Changes:

• Add statuses: read to jobs.dev-lead.permissions in the caller workflow.

[don-petry]

Dev-Lead — review-changes (applied)

Changes committed and pushed.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[don-petry]

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

[github-actions]

CI Failure: SonarCloud Code Analysis

Step: SonarCloud Quality Gate
Root cause: Env issue

SonarCloud Code Analysis failed as an external quality gate check on this PR. Because the details URL points directly to https://sonarcloud.io with no embedded GitHub Actions run ID, no step-level logs are available; the most common cause for this pattern is a missing or invalid SONAR_TOKEN repository secret, which prevents SonarCloud from authenticating and completing its analysis. The PR diff itself only adds a single statuses: read permission line to a workflow YAML file, so the failure is not related to source-code changes in this PR.

Suggested fix: Verify that the SONAR_TOKEN secret is correctly configured under Settings → Secrets and variables → Actions in the petry-projects/google-app-scripts repository, then re-run the SonarCloud check.

View run logs