Description
The problem
Octoherd repositories are scaffolded with a release GitHub workflow (.github/workflows/release.yml), which uses semantic-release to manage the releases to NPM. This workflow requires the repository to be configured to grant workflows with 'Read and Write' permissions.
But by default, a repository is created with the configuration 'Read repository contents and packages permissions'. This makes new Octoherd scripts scaffolded not work out of the box when trying to do their first release.
Proposed solution
To update the repository creation logic and set this required configuration out of the box. GitHub offers a way to update this via API: https://docs.github.com/en/rest/actions/permissions?apiVersion=2022-11-28#set-default-workflow-permissions-for-a-repository
Questions
What would be the first choice if there is an existing parent configuration at org/user level?
a) To respect that parent configuration
b) To still apply the Read and Write for that octoherd repository, ignoring what's configured at org/user level.