From 2a5c19b114f036734ab8228fef0a4667f12b3c2d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 28 Apr 2026 22:26:28 +0000
Subject: [PATCH 1/2] fix: add required permissions to dependabot-repair.yml to
 prevent startup_failure

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/1ebec5d9-40fe-492c-becc-3e4f674d2cbe

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 .github/workflows/dependabot-repair.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-repair.yml b/.github/workflows/dependabot-repair.yml
index bf9ad9c2f07..83eaf560865 100644
--- a/.github/workflows/dependabot-repair.yml
+++ b/.github/workflows/dependabot-repair.yml
@@ -8,4 +8,10 @@ jobs:
   dependabot-repair:
     if: github.actor == 'dependabot[bot]'
     uses: githubnext/dependabot-campaign/.github/workflows/dependabot-repair-reusable.lock.yml@ff91842c074b23270d3a0e26a7206a251232a374 # v0.2.0
-    secrets: inherit
\ No newline at end of file
+    secrets: inherit
+    permissions:
+      actions: read
+      contents: write
+      discussions: write
+      issues: write
+      pull-requests: write
\ No newline at end of file

From 7f0097ef76af497e29dfc5e187218e756b4a9110 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 28 Apr 2026 22:27:11 +0000
Subject: [PATCH 2/2] fix: move permissions before uses in
 dependabot-repair.yml per GitHub convention

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/1ebec5d9-40fe-492c-becc-3e4f674d2cbe

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 .github/workflows/dependabot-repair.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dependabot-repair.yml b/.github/workflows/dependabot-repair.yml
index 83eaf560865..2a10720bbb8 100644
--- a/.github/workflows/dependabot-repair.yml
+++ b/.github/workflows/dependabot-repair.yml
@@ -7,11 +7,11 @@ on:
 jobs:
   dependabot-repair:
     if: github.actor == 'dependabot[bot]'
-    uses: githubnext/dependabot-campaign/.github/workflows/dependabot-repair-reusable.lock.yml@ff91842c074b23270d3a0e26a7206a251232a374 # v0.2.0
-    secrets: inherit
     permissions:
       actions: read
       contents: write
       discussions: write
       issues: write
-      pull-requests: write
\ No newline at end of file
+      pull-requests: write
+    uses: githubnext/dependabot-campaign/.github/workflows/dependabot-repair-reusable.lock.yml@ff91842c074b23270d3a0e26a7206a251232a374 # v0.2.0
+    secrets: inherit
\ No newline at end of file