diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c748004a..f1b706d8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,6 +8,10 @@ on:
   schedule:
     - cron: '0 8 * * *'
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   test:
     name: Test
@@ -55,6 +59,7 @@ jobs:
         with:
           files: ./test_results/opensearch.lcov
           flags: unit
+          use_oidc: true
 
       - name: Save OpenSearch logs
         if: failure()
@@ -112,6 +117,7 @@ jobs:
         with:
           files: ./client/test_results/opensearch.lcov
           flags: integration
+          use_oidc: true
 
       - name: Save OpenSearch logs
         if: failure()
@@ -135,7 +141,7 @@ jobs:
       - name: GitHub App token
         id: github_app_token
         uses: tibdex/github-app-token@v1.5.0
-        if: github.event_name == 'schedule'
+        if: github.event_name == 'schedule' && github.repository == 'opensearch-project/opensearch-rs'
         with:
           app_id: ${{ secrets.APP_ID }}
           private_key: ${{ secrets.APP_PRIVATE_KEY }}
@@ -203,9 +209,11 @@ jobs:
           OPENSEARCH_PASSWORD: ${{ steps.opensearch.outputs.admin_password }}
 
       - uses: codecov/codecov-action@v4
+        if: github.event_name != 'schedule'
         with:
           files: ./client/test_results/opensearch.lcov
           flags: integration
+          use_oidc: true
 
       - name: Save OpenSearch logs
         if: failure()
@@ -216,7 +224,7 @@ jobs:
             opensearch-*/logs/*
 
       - name: Create issue about failure
-        if: failure() && github.event_name == 'schedule'
+        if: failure() && github.event_name == 'schedule' && github.repository == 'opensearch-project/opensearch-rs'
         uses: JasonEtco/create-an-issue@v2
         env:
           GITHUB_TOKEN: ${{ steps.github_app_token.outputs.token }}