From 5be5422417fcba25ca7a3fb95e9e8bd3bf6d59d8 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Sat, 11 Apr 2026 13:58:09 +0100
Subject: [PATCH] fix(ci): use OPENCODE_PAT in test-writer to trigger downstream workflows

GITHUB_TOKEN cannot trigger other workflows (GitHub security policy). Replace all github.token refs with secrets.OPENCODE_PAT so that PRs created by the test-writer trigger build.yml and opencode-pr.yml. Also reduce audit workflow timeout from 60 to 20 minutes.
---
 .github/workflows/opencode-audit.yml | 2 +-
 .github/workflows/opencode-test-writer.yml | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/opencode-audit.yml b/.github/workflows/opencode-audit.yml
index 8139c8e0..c75f3b01 100644
--- a/.github/workflows/opencode-audit.yml
+++ b/.github/workflows/opencode-audit.yml
@@ -14,7 +14,7 @@ on:
 jobs:
 audit:
 runs-on: ubuntu-latest
- timeout-minutes: 60
+ timeout-minutes: 20
 permissions:
 id-token: write
 contents: write
diff --git a/.github/workflows/opencode-test-writer.yml b/.github/workflows/opencode-test-writer.yml
index 73438535..46be2cf0 100644
--- a/.github/workflows/opencode-test-writer.yml
+++ b/.github/workflows/opencode-test-writer.yml
@@ -137,7 +137,7 @@ jobs:
 with:
 ref: ${{ github.event.repository.default_branch }}
 fetch-depth: 0
- token: ${{ github.token }}
+ token: ${{ secrets.OPENCODE_PAT }}

 - name: Ensure test label exists
 run: |
@@ -147,7 +147,7 @@ jobs:
 --color "0E8A16"
 fi
 env:
- GH_TOKEN: ${{ github.token }}
+ GH_TOKEN: ${{ secrets.OPENCODE_PAT }}

 - name: Check for existing PR
 id: check-existing
@@ -167,7 +167,7 @@ jobs:
 echo "skip=false" >> "$GITHUB_OUTPUT"
 fi
 env:
- GH_TOKEN: ${{ github.token }}
+ GH_TOKEN: ${{ secrets.OPENCODE_PAT }}

 - name: Validate scan paths exist
 if: steps.check-existing.outputs.skip != 'true'
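Review bot: In the hunk at -137,7 the checkout step now receives `secrets.OPENCODE_PAT`, and by default actions/checkout persists the token it is given in the workspace's git configuration, so every later step in the job can read and reuse the PAT. The `uses:` line is outside the hunk, so that this is actions/checkout is inferred from the `ref`/`fetch-depth`/`token` inputs. A PAT is normally broader and longer-lived than the job-scoped `github.token`, which makes that persistence matter more than before. If no later step pushes through plain git, add `persist-credentials: false` under `with:`. If one does, add a comment above `token:` saying which step depends on the stored credential, and keep OPENCODE_PAT a fine-grained token limited to this repository.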
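Review bot: The `GH_TOKEN` swaps in the hunks at -147,7 and -167,7 hand the PAT to steps that, judging by their names and visible lines, only create a label and look up an existing PR. Neither needs to trigger a downstream workflow, which is the only reason the commit message gives for using the PAT. Keeping `GH_TOKEN: ${{ github.token }}` on these two steps would confine the PAT to the steps that actually push or open the PR. Both step bodies begin outside their hunks, so confirm they do nothing else before reverting them.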
@@ -192,8 +192,8 @@ jobs:
 if: steps.check-existing.outputs.skip != 'true'
 uses: anomalyco/opencode/github@latest
 env:
- GITHUB_TOKEN: ${{ github.token }}
- GH_TOKEN: ${{ github.token }}
+ GITHUB_TOKEN: ${{ secrets.OPENCODE_PAT }}
+ GH_TOKEN: ${{ secrets.OPENCODE_PAT }}
 MINIMAX_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
 XDG_CACHE_HOME: /tmp/opencode-cache
 with:
@@ -242,4 +242,4 @@ jobs:
 echo "No PR found to trigger workflows"
 fi
 env:
- GH_TOKEN: ${{ github.token }}
+ GH_TOKEN: ${{ secrets.OPENCODE_PAT }}
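Review bot: In the hunk at -192,8 the step `uses: anomalyco/opencode/github@latest` now receives the PAT as both `GITHUB_TOKEN` and `GH_TOKEN`, yet `@latest` is a mutable ref. Whatever code that ref points to on a given run therefore gets a credential that is not limited to the job, alongside `MINIMAX_API_KEY`. Pin the action to a reviewed commit, e.g. `uses: anomalyco/opencode/github@<full-commit-sha>  # <version>`. Also make OPENCODE_PAT a fine-grained token restricted to this repository, with only the contents and pull-request permissions the test-writer needs. The step's `with:` block continues outside the hunk.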
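Review bot: The step ending in the hunk at -242,4 may now be redundant: its message `No PR found to trigger workflows` suggests it starts the downstream workflows itself, while PRs opened under the PAT already trigger build.yml and opencode-pr.yml according to the commit message. The step body is outside the hunk, so this is inferred, but if it holds, each test-writer PR could get duplicate runs. Either remove the step, or add a comment above it such as `# still needed because <reason>` and leave it on `GH_TOKEN: ${{ github.token }}` if the job-scoped token is enough for what it does.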