Set required permissions for the SDK size checks

[gpunto]

Goal

SDK size & DB entities checks need write permissions for writing comments, so we're adding the relevant permission block. Up until now, this didn't cause problems because the token we're using has those permissions, but that doesn't work for Dependabot PRs. They receive a read-only token unless we declare permissions, which is why the corresponding failures in GetStream/stream-chat-android#6394.

Implementation

Add the permissions block

Testing

The SDK size check should succeed in Dependabot's PRs

Summary by CodeRabbit

• Chores
  • Updated workflow permissions configuration for enhanced security practices.

[github-actions]

PR checklist ✅

All required conditions are satisfied:

• Title length is OK (or ignored by label).
• At least one pr: label exists.
• Sections ### Goal, ### Implementation, and ### Testing are filled.

🎉 Great job! This PR is ready for review.

[github-actions]

SDK Size Comparison 📏

SDK	Before	After	Difference	Status
stream-feeds-android-client	2.52 MB	2.52 MB	0.00 MB	🟢

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 0c6b19e4-3bac-412e-96e5-273482dbe244

📥 Commits

Reviewing files that changed from the base of the PR and between 2ffbddd and b610e1e.

📒 Files selected for processing (1)

• .github/workflows/sdk-size-checks.yml

---

Walkthrough

The workflow adds an explicit permissions block to the GitHub Actions job, granting read access to repository contents and write access to pull requests and issues, replacing reliance on default permissions.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Configuration .github/workflows/sdk-size-checks.yml	Added explicit permissions block declaring contents: read, pull-requests: write, and issues: write permissions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A workflow so brave, with permissions now clear,
No secrets to guess, just declarations dear,
Read here, write there, with principle sound,
Least privilege granted—security found! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding required permissions to the SDK size checks workflow.
Description check	✅ Passed	The description follows the required template with complete Goal, Implementation, and Testing sections; all critical information is present and well-explained.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sdk-size-checks-permissions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gpunto]

Also removed some permissions @andremion realized were unneeded

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud