diff --git a/.github/workflows/gemini-dispatch.yml b/.github/workflows/gemini-dispatch.yml
index 462315102..0b193fa0f 100644
--- a/.github/workflows/gemini-dispatch.yml
+++ b/.github/workflows/gemini-dispatch.yml
@@ -108,8 +108,9 @@ jobs:
 uses: './.github/workflows/gemini-review.yml'
 permissions:
 contents: 'read'
- pull-requests: 'write'
+ id-token: 'write'
 issues: 'write'
+ pull-requests: 'write'
 with:
 additional_context: '${{ needs.dispatch.outputs.additional_context }}'
 secrets: 'inherit'
@@ -121,6 +122,7 @@ jobs:
 uses: './.github/workflows/gemini-triage.yml'
 permissions:
 contents: 'read'
+ id-token: 'write'
 issues: 'write'
 pull-requests: 'write'
 with:
@@ -134,6 +136,7 @@ jobs:
 uses: './.github/workflows/gemini-invoke.yml'
 permissions:
 contents: 'read'
+ id-token: 'write'
 issues: 'write'
 pull-requests: 'write'
 with:
diff --git a/.github/workflows/gemini-invoke.yml b/.github/workflows/gemini-invoke.yml
index 5852afaf7..b7afa0156 100644
--- a/.github/workflows/gemini-invoke.yml
+++ b/.github/workflows/gemini-invoke.yml
@@ -21,6 +21,7 @@ jobs:
 runs-on: 'ubuntu-latest'
 permissions:
 contents: 'read'
+ id-token: 'write'
 issues: 'write'
 pull-requests: 'write'
 steps:
diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml
index be5bc3131..de5125a10 100644
--- a/.github/workflows/gemini-review.yml
+++ b/.github/workflows/gemini-review.yml
@@ -22,8 +22,9 @@ jobs:
 timeout-minutes: 7
 permissions:
 contents: 'read'
- pull-requests: 'write'
+ id-token: 'write'
 issues: 'write'
+ pull-requests: 'write'
 steps:
 - name: 'Mint identity token'
 id: 'mint_identity_token'
diff --git a/.github/workflows/gemini-triage.yml b/.github/workflows/gemini-triage.yml
index 058e15398..f33c40df2 100644
--- a/.github/workflows/gemini-triage.yml
+++ b/.github/workflows/gemini-triage.yml
@@ -25,6 +25,7 @@ jobs:
 selected_labels: '${{ env.SELECTED_LABELS }}'
 permissions:
 contents: 'read'
+ id-token: 'write'
 issues: 'read'
 pull-requests: 'read'
 steps:
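Review bot: In gemini-dispatch.yml the new `id-token: 'write'` grant on the review caller sits next to `secrets: 'inherit'`, and nothing in the file records why the called workflow must be able to request an OIDC token; the same undocumented grant is repeated on the triage and invoke callers (hunks at -121 and -134). The token is only as narrow as the trust policy that accepts it, so I would add a comment above each grant such as `# id-token: write lets the called workflow request a GitHub OIDC token; the provider's trust policy must pin this repository and job_workflow_ref`. The `on:` triggers are outside these hunks, so whether comment or pull-request events from untrusted authors can reach these jobs has to be checked against the top of the file. Each job definition starts above its hunk.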
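Review bot: In gemini-invoke.yml the job that gains `id-token: 'write'` also holds `issues: 'write'` and `pull-requests: 'write'`, and the permission is job-wide, so every action under `steps:` can request an OIDC token, not just the step that authenticates. The steps themselves are outside the hunk; if any of them reference third-party actions by tag or branch, they should be pinned to a full commit SHA before this scope is granted. A comment naming the single consumer, for example `# id-token: write is consumed by <STEP_NAME> only`, would make later permission audits easier.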
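Review bot: In gemini-review.yml (and likewise in the first gemini-dispatch.yml hunk) the alphabetical re-sort shows `pull-requests: 'write'` as removed and re-added in the same hunk that introduces `id-token: 'write'`, which makes a permission change harder to audit at a glance. The effective change appears to be only the added id-token scope. I would keep the re-sort in a separate commit, or state in the commit message that no existing scope changed. The job's steps continue past the end of the hunk.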
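Review bot: In gemini-triage.yml `id-token: 'write'` becomes the only write scope in a job that is otherwise read-only (`issues: 'read'`, `pull-requests: 'read'`), so what this job can affect now depends entirely on what the federated identity is allowed to do outside GitHub. If, as the workflow name suggests, the job passes issue text to the model, that identity should be limited to the inference call and nothing else on the provider side. Proposed comment above the new line: `# id-token: write is for OIDC auth to the model endpoint only; keep the bound cloud role minimal`. The steps are outside the hunk, so the actual consumer of the token could not be confirmed here.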