The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Mar 18, 2026 0:25am

Greptile Summary

This PR fixes the release job in ghcr_deploy.yml which was failing with Resource not accessible by integration when trying to call repos.createRelease. The root cause is that the repository's default GITHUB_TOKEN permissions are read-only, and any job without an explicit permissions block inherits those restricted defaults. Adding contents: write to the release job is the correct, minimal fix.

Key changes:

• Added permissions: contents: write to the release job so GITHUB_TOKEN is allowed to create GitHub releases.

Potential issue found:

• The build-and-push-helm-chart job (which runs in parallel and is also gated on release_type != 'dev') uses secrets.GITHUB_TOKEN to push a Helm OCI chart to GHCR. This job has no explicit permissions block, meaning it may silently fail for the same reason — it likely needs packages: write added explicitly.

Confidence Score: 4/5

• Safe to merge — the one-line permissions fix is correct and minimal, with one closely related job that may still be affected by the same root cause.
• The core fix (contents: write on the release job) is accurate and well-scoped. The only concern is the build-and-push-helm-chart job, which appears to have the same missing-permissions pattern. That job should be addressed either in this PR or a follow-up.
• .github/workflows/ghcr_deploy.yml — specifically the build-and-push-helm-chart job which may also need an explicit permissions block.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    dispatch([workflow_dispatch]) --> print[print]
    dispatch --> docker-hub-deploy["docker-hub-deploy\n(no permissions block)"]
    dispatch --> build-and-push-image["build-and-push-image\ncontents: read\npackages: write"]
    dispatch --> build-and-push-image-database["build-and-push-image-database\ncontents: read\npackages: write"]
    dispatch --> build-and-push-image-ee["build-and-push-image-ee\ncontents: read\npackages: write"]
    dispatch --> build-and-push-image-non_root["build-and-push-image-non_root\ncontents: read\npackages: write"]
    dispatch --> build-and-push-image-spend-logs["build-and-push-image-spend-logs\ncontents: read\npackages: write"]

    docker-hub-deploy --> helm["build-and-push-helm-chart\n⚠️ no permissions block\n(needs packages: write)"]
    build-and-push-image --> helm
    build-and-push-image-database --> helm

    docker-hub-deploy --> release["release\n✅ contents: write\n(this PR's fix)"]
    build-and-push-image --> release
    build-and-push-image-database --> release

    docker-hub-deploy --> observatory["run-observatory-tests\n(rc/stable only)"]

    release --> discord["Github Releases To Discord"]

_{Last reviewed commit: "[Fix] Add contents:w..."}

Merging this PR will not alter performance

✅ 16 untouched benchmarks

_{Comparing litellm_/loving-noyce (b8ffbba) with main (ef9cc33)}