From dbce881274b0652acedad4328a737cc8aa26f09c Mon Sep 17 00:00:00 2001
From: Lev Brouk <lev@synadia.com>
Date: Mon, 22 Apr 2024 09:24:13 -0700
Subject: [PATCH] wip: fixed permissions

---
 .github/workflows/build-test.yml      | 2 +-
 .github/workflows/on-push-quick.yml   | 3 +++
 .github/workflows/on-push-release.yml | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
index a3f642323..7627edc14 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -51,7 +51,7 @@ on:
         description: "Codecov repo token"
 
 permissions:
-  contents: write # so it can comment
+  contents: write # to comment on coverage.
 
 defaults:
   run:
diff --git a/.github/workflows/on-push-quick.yml b/.github/workflows/on-push-quick.yml
index ea67a2bf5..ffa3bf153 100644
--- a/.github/workflows/on-push-quick.yml
+++ b/.github/workflows/on-push-quick.yml
@@ -1,6 +1,9 @@
 on:
   push:
 
+permissions:
+  contents: write # required by build-test to comment on coverage but not used here.
+
 defaults:
   run:
     shell: bash --noprofile --norc -x -eo pipefail {0}
diff --git a/.github/workflows/on-push-release.yml b/.github/workflows/on-push-release.yml
index 8d305c01d..402b80a91 100644
--- a/.github/workflows/on-push-release.yml
+++ b/.github/workflows/on-push-release.yml
@@ -6,7 +6,7 @@ on:
 
 
 permissions:
-  contents: write # so it can comment
+  contents: write # required by build-test to comment on coverage but not used here.
 
 defaults:
   run: