From 2a49f94872c03086e52c0318c93bdd0c1d4bcafd Mon Sep 17 00:00:00 2001
From: Nelson Chen <crazysim@gmail.com>
Date: Sun, 7 Jan 2024 15:02:25 -0800
Subject: [PATCH] Add necessary permissions/tokens for
 "lewagon/wait-on-check-action" so it can run nightly (#30923)

---
 .github/workflows/prebuilt.yaml | 3 +++
 .github/workflows/release.yaml  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/prebuilt.yaml b/.github/workflows/prebuilt.yaml
index 58095cf19c7080..23b35743550e5c 100644
--- a/.github/workflows/prebuilt.yaml
+++ b/.github/workflows/prebuilt.yaml
@@ -15,6 +15,8 @@ jobs:
     if: github.repository == 'commaai/openpilot'
     env:
       PUSH_IMAGE: true
+    permissions:
+      checks: read
     steps:
     - name: Wait for green check mark
       if: ${{ github.event_name != 'workflow_dispatch' }}
@@ -23,6 +25,7 @@ jobs:
         ref: master
         wait-interval: 30
         running-workflow-name: 'build prebuilt'
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
         check-regexp: ^((?!.*(build master-ci).*).)*$
     - uses: actions/checkout@v4
       with:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cd2ebd9f824d61..f1dc4c2e4a5050 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,6 +14,8 @@ jobs:
       image: ghcr.io/commaai/openpilot-base:latest
     runs-on: ubuntu-20.04
     if: github.repository == 'commaai/openpilot'
+    permissions:
+      checks: read
     steps:
     - name: Install wait-on-check-action dependencies
       run: |
@@ -26,6 +28,7 @@ jobs:
         ref: master
         wait-interval: 30
         running-workflow-name: 'build master-ci'
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
         check-regexp: ^((?!.*(build prebuilt).*).)*$
     - uses: actions/checkout@v4
       with: