From 12055d1b591c197ba89da154645fdc38b5c5b925 Mon Sep 17 00:00:00 2001
From: morluto <williamlin1327@gmail.com>
Date: Mon, 30 Mar 2026 18:46:15 +0800
Subject: [PATCH] fix(ci): add workflow-level permissions for PR comments

---
 .github/workflows/evals.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/evals.yml b/.github/workflows/evals.yml
index a7b1fd997..e37a17244 100644
--- a/.github/workflows/evals.yml
+++ b/.github/workflows/evals.yml
@@ -4,6 +4,11 @@ on:
     branches: [main]
   workflow_dispatch:
 
+permissions:
+  contents: read
+  pull-requests: write
+  packages: write
+
 concurrency:
   group: evals-${{ github.head_ref }}
   cancel-in-progress: true