Resync app-permissions overrides with current API schema

[salmanmkc]

Problem

The override files for /app/installations (scripts/overrides/get-app-installations.json and .deref.json) contained a stale copy of the app-permissions schema. The most impactful issue was using the old team_discussions key instead of discussions, but the permissions block had also drifted significantly — missing 20 permissions that exist in the current GitHub API.

Root Cause

These overrides exist to work around a anyOf issue (octokit/openapi-types.ts#305). The replaceOperation() function in scripts/overrides/index.mjs replaces the entire operation with a frozen JSON snapshot, which means the permissions block drifts every time GitHub adds a new permission scope upstream.

Ideally, the override would only patch the anyOf structure rather than replacing the whole operation — that way permissions would stay in sync automatically. That's a bigger refactor but would prevent this class of drift entirely.

Fix

• Renamed team_discussions → discussions with updated description
• Added 20 missing permissions to align with the current app-permissions schema: artifact_metadata, attestations, codespaces, custom_properties_for_organizations, dependabot_secrets, email_addresses, enterprise_custom_properties_for_organizations, followers, git_ssh_keys, gpg_keys, interaction_limits, merge_queues, organization_copilot_agent_settings, organization_copilot_seat_management, organization_custom_org_roles, organization_custom_properties, organization_events, profile, repository_custom_properties, starring
• Both override files now contain all 54 permissions matching the live API schema exactly (types, enums, and descriptions verified)

Impact

Downstream consumers (e.g. actions/create-github-app-token) that generate permission inputs from app-permissions will now correctly see discussions instead of team_discussions, and will have access to all current permission scopes.

This also helps fix github/gh-aw#25709 due to the regression from github/gh-aw#25508.

Fixes #528

[octokit]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

[salmanmkc]

Note: broader permissions drift

While investigating this, I noticed the override files are frozen snapshots and have drifted beyond just team_discussions → discussions. They're also missing several newer upstream permissions entirely (e.g. artifact_metadata, attestations, codespaces, merge_queues, workflows, and various org/repo custom-properties permissions).

This PR fixes the most impactful rename (team_discussions → discussions), but a broader resync of the permissions block in these override files would be worth doing as a follow-up.

Breaking change note: This renames a schema property from team_discussions to discussions in app-permissions. Consumers who generated types from the old property name may need to update. However, this aligns the schema with the actual API behavior — the live API uses discussions, not team_discussions.

[wolfy1339]

Thanks, feel free to update the override completely in this PR.

Best to tackle it all at once.

Do note that GitHub has abandoned Octokit and other open source projects.
I do my best to keep things working with my limited permissions as I am only a community volunteer maintainer.

It is entirely possible that the release workflow is broken due to the recent revocation of long lived NPM tokens, and not being able to publish new packages using OIDC authentication.

[wolfy1339]

Closing in favour of #531