From 43cf9b99fe11c84f4586b79e7bed2074586dafd6 Mon Sep 17 00:00:00 2001
From: Alexander Sapountzis <alexs@mparticle.com>
Date: Mon, 23 Mar 2026 15:45:34 -0400
Subject: [PATCH] fix(ci): add id-token permission for pr-notify workflow

The reusable oss_pr_opened_notification workflow requests id-token: write,
but the calling workflow did not grant it, causing the workflow to fail.
---
 .github/workflows/reusable-workflows.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/reusable-workflows.yml b/.github/workflows/reusable-workflows.yml
index aa6af3d..1305834 100644
--- a/.github/workflows/reusable-workflows.yml
+++ b/.github/workflows/reusable-workflows.yml
@@ -21,6 +21,8 @@ jobs:
         needs:
             - web-kit-pull-request
         name: Notify GChat
+        permissions:
+            id-token: write
         uses: ROKT/rokt-workflows/.github/workflows/oss_pr_opened_notification.yml@main
         secrets:
             gchat_webhook: ${{ secrets.GCHAT_PRS_WEBHOOK }}