@@ -25,13 +25,14 @@ jobs:
2525 contents : read
2626 pull-requests : read
2727 outputs :
28- stage : ${{ steps.role-check.outputs.skipped == 'true' && '' || steps.route.outputs.stage }}
28+ stage : ${{ steps.role-check.outputs.skipped != 'true' && steps.route.outputs.stage || '' }}
2929 trigger_source : ${{ steps.route.outputs.trigger_source }}
3030 event_payload : ${{ steps.payload.outputs.event_payload }}
3131 steps :
3232 - name : Checkout config repository
3333 uses : actions/checkout@v6
3434 with :
35+ repository : ${{ job.workflow_repository }}
3536 persist-credentials : false
3637 sparse-checkout : config.yaml
3738 sparse-checkout-cone-mode : false
@@ -231,7 +232,7 @@ jobs:
231232 set -euo pipefail
232233 STAGE_ROLE="$STAGE"
233234 case "$STAGE" in
234- code) STAGE_ROLE="coder" ;;
235+ code|fix ) STAGE_ROLE="coder" ;;
235236 retro|prioritize) STAGE_ROLE="fullsend" ;;
236237 esac
237238
@@ -292,6 +293,9 @@ jobs:
292293 name : Triage
293294 needs : route
294295 if : needs.route.outputs.stage == 'triage'
296+ permissions :
297+ contents : read
298+ id-token : write
295299 uses : fullsend-ai/fullsend/.github/workflows/reusable-triage.yml@v0
296300 with :
297301 event_type : ${{ github.event_name }}
@@ -308,6 +312,9 @@ jobs:
308312 name : Code
309313 needs : route
310314 if : needs.route.outputs.stage == 'code'
315+ permissions :
316+ contents : read
317+ id-token : write
311318 uses : fullsend-ai/fullsend/.github/workflows/reusable-code.yml@v0
312319 with :
313320 event_type : ${{ github.event_name }}
@@ -324,6 +331,9 @@ jobs:
324331 name : Review
325332 needs : route
326333 if : needs.route.outputs.stage == 'review'
334+ permissions :
335+ contents : read
336+ id-token : write
327337 uses : fullsend-ai/fullsend/.github/workflows/reusable-review.yml@v0
328338 with :
329339 event_type : ${{ github.event_name }}
@@ -340,6 +350,9 @@ jobs:
340350 name : Fix
341351 needs : route
342352 if : needs.route.outputs.stage == 'fix'
353+ permissions :
354+ contents : read
355+ id-token : write
343356 uses : fullsend-ai/fullsend/.github/workflows/reusable-fix.yml@v0
344357 with :
345358 event_type : ${{ github.event_name }}
@@ -357,6 +370,9 @@ jobs:
357370 name : Retro
358371 needs : route
359372 if : needs.route.outputs.stage == 'retro'
373+ permissions :
374+ contents : read
375+ id-token : write
360376 uses : fullsend-ai/fullsend/.github/workflows/reusable-retro.yml@v0
361377 with :
362378 event_type : ${{ github.event_name }}
@@ -374,6 +390,12 @@ jobs:
374390 needs : route
375391 if : needs.route.outputs.stage == 'prioritize'
376392 uses : ./.github/workflows/prioritize.yml
393+ permissions :
394+ contents : read
395+ id-token : write
396+ secrets :
397+ FULLSEND_GCP_WIF_PROVIDER : ${{ secrets.FULLSEND_GCP_WIF_PROVIDER }}
398+ FULLSEND_GCP_PROJECT_ID : ${{ secrets.FULLSEND_GCP_PROJECT_ID }}
377399 with :
378400 event_type : ${{ github.event_name }}
379401 source_repo : ${{ github.repository }}
0 commit comments