From 400ee2b75dc16e7063478f812db7d02c203feddf Mon Sep 17 00:00:00 2001
From: "Thing-han, Lim" <15379156+potsrevennil@users.noreply.github.com>
Date: Tue, 19 Nov 2024 14:30:50 +0800
Subject: [PATCH] ci: set permissions for contents and pull_requests to write

Permission of pull_requests is required for leaving a comment on alert
on PR.

Permission of contents is required to be `write` when pushing to
gh-pages, originally set to `read` still worked might due to the write
permission had already been set somewhere else (repo/org-wise).

Signed-off-by: Thing-han, Lim <15379156+potsrevennil@users.noreply.github.com>
---
 .github/workflows/bench.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml
index f926bbd00..7afc32b46 100644
--- a/.github/workflows/bench.yml
+++ b/.github/workflows/bench.yml
@@ -1,8 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 
 name: Bench
-permissions:
-  contents: read
 on:
   workflow_dispatch:
   push:
@@ -17,6 +15,9 @@ concurrency:
 
 jobs:
   bench:
+    permissions:
+      contents: write
+      pull-requests: write
     name: ${{ matrix.target.name }}
     strategy:
       fail-fast: true
@@ -56,8 +57,9 @@ jobs:
   ec2_all:
     name: ${{ matrix.target.name }} ${{ matrix.opt.name }}
     permissions:
-      contents: 'read'
-      id-token: 'write'
+      contents: write
+      pull-requests: write
+      id-token: write
     strategy:
       fail-fast: false
       matrix: