diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
index de91fe9f0a..0c4a728947 100644
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -8,6 +8,11 @@ inputs:
   postgresql_version:
     description: "Optional postgresql image tag"
     default: "16"
+  working-directory:
+    description: |
+      Optional working directory if this repo isn't in the root of the actions workspace.
+      When set, needs to contain a trailing slash
+    default: ""
 
 runs:
   using: "composite"
@@ -29,10 +34,11 @@ runs:
       if: ${{ contains(inputs.dependencies, 'python') }}
       uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v5
       with:
-        python-version-file: "pyproject.toml"
+        python-version-file: "${{ inputs.working-directory }}pyproject.toml"
     - name: Install Python deps
       if: ${{ contains(inputs.dependencies, 'python') }}
       shell: bash
+      working-directory: ${{ inputs.working-directory }}
       run: uv sync --all-extras --dev --frozen
     - name: Setup rust (stable)
       if: ${{ contains(inputs.dependencies, 'rust') && !contains(inputs.dependencies, 'rust-nightly') }}
@@ -55,27 +61,28 @@ runs:
       if: ${{ contains(inputs.dependencies, 'node') }}
       uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4
       with:
-        node-version-file: web/package.json
+        node-version-file: "${{ inputs.working-directory }}web/package.json"
         cache: "npm"
-        cache-dependency-path: web/package-lock.json
+        cache-dependency-path: "${{ inputs.working-directory }}web/package-lock.json"
         registry-url: "https://registry.npmjs.org"
     - name: Setup node (root)
       if: ${{ contains(inputs.dependencies, 'node') }}
       uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4
       with:
-        node-version-file: package.json
+        node-version-file: "${{ inputs.working-directory }}package.json"
         cache: "npm"
-        cache-dependency-path: package-lock.json
+        cache-dependency-path: "${{ inputs.working-directory }}package-lock.json"
         registry-url: "https://registry.npmjs.org"
     - name: Install Node deps
       if: ${{ contains(inputs.dependencies, 'node') }}
       shell: bash
+      working-directory: ${{ inputs.working-directory }}
       run: npm ci
     - name: Setup go
       if: ${{ contains(inputs.dependencies, 'go') }}
       uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
       with:
-        go-version-file: "go.mod"
+        go-version-file: "${{ inputs.working-directory }}go.mod"
     - name: Setup docker cache
       if: ${{ contains(inputs.dependencies, 'runtime') }}
       uses: AndreKurait/docker-cache@0fe76702a40db986d9663c24954fc14c6a6031b7
@@ -84,6 +91,7 @@ runs:
     - name: Setup dependencies
       if: ${{ contains(inputs.dependencies, 'runtime') }}
       shell: bash
+      working-directory: ${{ inputs.working-directory }}
       run: |
         export PSQL_TAG=${{ inputs.postgresql_version }}
         docker compose -f .github/actions/setup/compose.yml up -d
@@ -91,6 +99,7 @@ runs:
     - name: Generate config
       if: ${{ contains(inputs.dependencies, 'python') }}
       shell: uv run python {0}
+      working-directory: ${{ inputs.working-directory }}
       run: |
         from authentik.lib.generators import generate_id
         from yaml import safe_dump