From 45014e3ef565d717442d62aa55d08bfb3308b394 Mon Sep 17 00:00:00 2001
From: Roger Zhang <ruojiazh@amazon.com>
Date: Wed, 31 Dec 2025 15:11:55 -0800
Subject: [PATCH] action permission

---
 .github/workflows/codeql-analysis.yml | 3 +++
 .github/workflows/release.yml         | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 7c2e5a3..7520882 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -20,6 +20,9 @@ on:
   schedule:
     - cron: "15 22 * * 6"
 
+permissions:
+  security-events: write
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d2ebfb7..f46acae 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,6 +3,10 @@ on:
   push:
     branches:
       - main
+
+permissions:
+  contents: write
+
 jobs:
   release:
     runs-on: ubuntu-latest