From 703f9b794d25cb7a8ad236fcc200e477deab7375 Mon Sep 17 00:00:00 2001
From: Kyle <kyle201817146@gmail.com>
Date: Sun, 5 Oct 2025 01:32:34 +0800
Subject: [PATCH 1/2] Add PR triage workflow

This workflow automatically triages new pull requests using Claude AI to analyze the changes and apply appropriate labels.
---
 .github/workflows/pr-triage.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .github/workflows/pr-triage.yml

diff --git a/.github/workflows/pr-triage.yml b/.github/workflows/pr-triage.yml
new file mode 100644
index 000000000..e38bdeff2
--- /dev/null
+++ b/.github/workflows/pr-triage.yml
@@ -0,0 +1,10 @@
+name: PR Triage
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  triage-pr:
+    uses: OpenSwiftUIProject/github-workflows/.github/workflows/pr-triage.yml@main
+    secrets: inherit

From 1c67cc2b387947c7daa81335b5a79f584642efb2 Mon Sep 17 00:00:00 2001
From: Kyle <kyle201817146@gmail.com>
Date: Sun, 5 Oct 2025 01:35:31 +0800
Subject: [PATCH 2/2] Add proper permissions for inherit workflows

Following the OpenAttributeGraph example, add explicit permissions to the three workflows that use reusable workflows with secrets: inherit.

- claude.yml: Add contents, pull-requests, issues (read), id-token, actions permissions
- issue-triage.yml: Add contents (read), issues (write) permissions
- pr-triage.yml: Add contents (read), pull-requests (write) permissions
---
 .github/workflows/claude.yml       | 7 +++++++
 .github/workflows/issue-triage.yml | 4 ++++
 .github/workflows/pr-triage.yml    | 4 ++++
 3 files changed, 15 insertions(+)

diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index 92df58768..3504cd4a3 100644
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -10,6 +10,13 @@ on:
   pull_request_review:
     types: [submitted]
 
+permissions:
+  contents: read
+  pull-requests: read
+  issues: read
+  id-token: write
+  actions: read
+
 jobs:
   claude:
     uses: OpenSwiftUIProject/github-workflows/.github/workflows/claude.yml@main
diff --git a/.github/workflows/issue-triage.yml b/.github/workflows/issue-triage.yml
index dad6b6402..9a193e9e7 100644
--- a/.github/workflows/issue-triage.yml
+++ b/.github/workflows/issue-triage.yml
@@ -4,6 +4,10 @@ on:
   issues:
     types: [opened]
 
+permissions:
+  contents: read
+  issues: write
+
 jobs:
   triage-issue:
     uses: OpenSwiftUIProject/github-workflows/.github/workflows/issue-triage.yml@main
diff --git a/.github/workflows/pr-triage.yml b/.github/workflows/pr-triage.yml
index e38bdeff2..9036e49e0 100644
--- a/.github/workflows/pr-triage.yml
+++ b/.github/workflows/pr-triage.yml
@@ -4,6 +4,10 @@ on:
   pull_request:
     types: [opened]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   triage-pr:
     uses: OpenSwiftUIProject/github-workflows/.github/workflows/pr-triage.yml@main