ci: set permissions for contents and pull_requests to write

Permission of pull_requests is required for leaving a comment on alert on PR. Permission of contents is required to be `write` when pushing to gh-pages, originally set to `read` still worked might due to the write permission had already been set somewhere else (repo/org-wise). Signed-off-by: Thing-han, Lim <[email protected]>
pq-code-package · Nov 21, 2024 · 400ee2b · 400ee2b
1 parent 94c85ef
commit 400ee2b
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml
@@ -1,8 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 
 name: Bench
-permissions:
-  contents: read
 on:
   workflow_dispatch:
   push:
@@ -17,6 +15,9 @@ concurrency:
 
 jobs:
   bench:
+    permissions:
+      contents: write
+      pull-requests: write
     name: ${{ matrix.target.name }}
     strategy:
       fail-fast: true
@@ -56,8 +57,9 @@ jobs:
   ec2_all:
     name: ${{ matrix.target.name }} ${{ matrix.opt.name }}
     permissions:
-      contents: 'read'
-      id-token: 'write'
+      contents: write
+      pull-requests: write
+      id-token: write
     strategy:
       fail-fast: false
       matrix: