Skip to content

Commit f2b6729

Browse files
authored
Refactor AI review workflow permissions and settings
Removed unnecessary id-token permission and updated oauth-client-id and audience settings.
1 parent 06fe255 commit f2b6729

1 file changed

Lines changed: 1 addition & 4 deletions

File tree

.github/workflows/ai-review.yml

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,9 +24,6 @@ on:
2424

2525
permissions:
2626
contents: read
27-
# Required so the Tailscale action can mint a GitHub OIDC JWT and
28-
# authenticate to the tailnet via workload-identity federation.
29-
id-token: write
3027

3128
jobs:
3229
forward-to-serge-app:
@@ -63,7 +60,7 @@ jobs:
6360
# long-lived auth key is stored. The runner joins as an
6461
# ephemeral, tag:ci-tagged node.
6562
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID_AI_REVIEW }}
66-
audience: ${{ secrets.TS_AUDIENCE_AI_REVIEW }}
63+
oauth-secret: ${{ secrets.TS_AUDIENCE_AI_REVIEW }}
6764
tags: tag:ci
6865

6966
- name: Relay event to the Serge GitHub App

0 commit comments

Comments
 (0)