When a user without admin permissions triggers the pipeline, some changes might result in moderation requests. This is especially problematic for the final step when the target project is updated. As subsequent pipelines can even create changes which overwrite each other, this might lead to incomplete target project BOMs.
Therefore, it might be a good idea to query the project's releases again after trying to modify them. I think that way we should be able to detect that a moderation request has been created.
When a user without admin permissions triggers the pipeline, some changes might result in moderation requests. This is especially problematic for the final step when the target project is updated. As subsequent pipelines can even create changes which overwrite each other, this might lead to incomplete target project BOMs.
Therefore, it might be a good idea to query the project's releases again after trying to modify them. I think that way we should be able to detect that a moderation request has been created.