Description
Two related bugs that compound each other, resulting in the code review action running successfully but silently posting no output anywhere.
Bug 1: Generated workflow template has wrong permissions
The workflow template generated by the /install-github-app command sets pull-requests: read:

```yaml
permissions:
  contents: read
  pull-requests: read
  issues: read
  id-token: write
```

Posting review comments requires pull-requests: write. The template should include write permission since that is the entire purpose of the code review workflow.
Bug 2: Action silently swallows the permission error
When the action attempts to post a review comment and receives a 403 from the GitHub API due to insufficient permissions, it exits 0. The job reports success with no indication that the review was never written anywhere.
Expected behaviour
- The generated template should include pull-requests: write
- The action should fail the step (non-zero exit) when it receives a permission error trying to write a review, so the misconfiguration is surfaced immediately
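As an added example (this is not code from the action or its repository), the snippet below sketches the two checks the expected behaviour calls for: a pre-flight check that the workflow's permissions block actually grants pull-requests: write, and a classifier for the review-posting API response that turns a 403 into a failed step rather than a green job. The function names are hypothetical, and the sample YAML is constructed from the block quoted in this issue; the 403 messages used in the demo are constructed sample values.

```javascript
// Added example, not code from the action itself. Two defensive checks for the
// failure modes in this issue:
//   1. verify, before the review step runs, that the workflow's permissions
//      block grants pull-requests: write;
//   2. classify the response of the review-posting API call so that a 403
//      fails the step instead of being logged and followed by exit 0.
// Function names and the sample YAML below are assumptions / constructed.

// Constructed sample: the permissions block the template generates today.
const GENERATED_PERMISSIONS = `
permissions:
  contents: read
  pull-requests: read
  issues: read
  id-token: write
`;

// Constructed sample: the same block with the fix applied.
const FIXED_PERMISSIONS = GENERATED_PERMISSIONS.replace(
  "pull-requests: read",
  "pull-requests: write",
);

// Minimal parser for a top-level `permissions:` mapping (no YAML library is
// needed for this flat shape). Returns { scope: level }.
function parsePermissions(yamlText) {
  const perms = {};
  let inBlock = false;
  for (const raw of yamlText.split("\n")) {
    const line = raw.trimEnd();
    if (/^permissions:\s*$/.test(line)) { inBlock = true; continue; }
    if (!inBlock) continue;
    if (line.trim() === "") continue;
    const m = /^\s+([a-z-]+):\s*(read|write|none)\s*$/.exec(line);
    if (!m) break;            // indentation ended: we left the permissions block
    perms[m[1]] = m[2];
  }
  return perms;
}

// Scopes the review workflow needs. "write" satisfies a "read" requirement.
const REQUIRED_SCOPES = { "pull-requests": "write", contents: "read" };

function missingPermissions(perms, required = REQUIRED_SCOPES) {
  const missing = [];
  for (const [scope, need] of Object.entries(required)) {
    const have = perms[scope];
    const ok = have === need || (need === "read" && have === "write");
    if (!ok) missing.push(`${scope}: need ${need}, have ${have ?? "none"}`);
  }
  return missing;
}

// Classify the HTTP result of the call that posts the review.
// fatal     -> the action must fail the step (core.setFailed / non-zero exit).
// retryable -> transient; retry with backoff, then fail if still unsuccessful.
// GitHub also answers some rate-limit conditions with 403, so the message is
// inspected before a 403 is treated as a permission problem.
function classifyReviewPost(status, body = {}) {
  const message = String(body.message ?? "");
  if (status >= 200 && status < 300) {
    return { ok: true, fatal: false, retryable: false, message: "review posted" };
  }
  if ((status === 403 && /rate limit/i.test(message)) || status === 429 || status >= 500) {
    return { ok: false, fatal: false, retryable: true, message: `transient ${status}: ${message}` };
  }
  if (status === 401 || status === 403 || status === 404) {
    return {
      ok: false, fatal: true, retryable: false,
      message: `GitHub API returned ${status} (${message}); the token cannot write the review. ` +
               "Check the workflow's permissions block (pull-requests: write).",
    };
  }
  return { ok: false, fatal: true, retryable: false, message: `unexpected ${status}: ${message}` };
}

// The exit code the review step should produce for a given workflow and API result.
function reviewStepExitCode(workflowYaml, status, body) {
  const missing = missingPermissions(parsePermissions(workflowYaml));
  if (missing.length > 0) return 1;           // fail fast, before calling the API
  const result = classifyReviewPost(status, body);
  return result.ok ? 0 : 1;                   // never report success for an unposted review
}

// Demo run on the constructed samples.
console.log("generated template missing:", missingPermissions(parsePermissions(GENERATED_PERMISSIONS)));
console.log("fixed template missing:", missingPermissions(parsePermissions(FIXED_PERMISSIONS)));
console.log(classifyReviewPost(403, { message: "Resource not accessible by integration" }));
console.log("exit code, generated template:", reviewStepExitCode(GENERATED_PERMISSIONS, 200, {}));
console.log("exit code, fixed template:", reviewStepExitCode(FIXED_PERMISSIONS, 200, {}));
```

Running it prints one missing scope (pull-requests: need write, have read) for the generated template and none for the fixed one; a plain 403 is classified as fatal, while a 403 whose message mentions a rate limit is marked retryable instead, so the step does not fail on a transient condition but does fail on a real permission error.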
Impact
Without either fix, there is no feedback loop: the template is wrong, the action doesn't complain, the job shows green, and reviews silently go nowhere.