diff --git a/.github/workflows/codeowners-legal.yml b/.github/workflows/codeowners-legal.yml
index dfe6619ef7..2b66b31976 100644
--- a/.github/workflows/codeowners-legal.yml
+++ b/.github/workflows/codeowners-legal.yml
@@ -47,6 +47,9 @@ jobs:
         if: ${{ steps.filter.outputs.rai}}
         uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
+      - name: Set up Node and dependencies
+        uses: ./.github/actions/node-npm-setup
+
       - name: Check content type
         id: checkContentType
         if: ${{ steps.filter.outputs.rai}}
@@ -60,7 +63,7 @@ jobs:
         env:
           # The GH CLI uses a slightly different env name for
           # the token than the GITHUB_TOKEN used by actions
-          GH_TOKEN: ${{ github.token }}
+          GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
           PR: ${{ github.event.pull_request.html_url }}
         run: |
           has_reviewer=$(
diff --git a/.github/workflows/triage-unallowed-contributions.yml b/.github/workflows/triage-unallowed-contributions.yml
index 66046e74fb..8e2099b118 100644
--- a/.github/workflows/triage-unallowed-contributions.yml
+++ b/.github/workflows/triage-unallowed-contributions.yml
@@ -25,6 +25,9 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
+      - name: Set up Node and dependencies
+        uses: ./.github/actions/node-npm-setup
+
       - name: Get files changed
         uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
         id: filter