From f0807f5a1e7d7796bc49b8926dc1a85ab1b5351e Mon Sep 17 00:00:00 2001
From: neverland
Date: Tue, 24 Dec 2024 17:22:48 +0800
Subject: [PATCH 1/2] chore(CI): fix missing permission for provenance

---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f5cb06282..fa984db19 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,6 +19,10 @@ on:
 required: true
 default: 'main'
 
+permissions:
+ # Provenance generation in GitHub Actions requires "write" access to the "id-token"
+ id-token: write
+
 jobs:
 release:
 name: Release

From 21d30589fe188fd553029d80f1fd62bb8e2d3356 Mon Sep 17 00:00:00 2001
From: neverland
Date: Tue, 24 Dec 2024 17:26:36 +0800
Subject: [PATCH 2/2] chore: comment

---
 .github/workflows/pr-label.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/pr-label.yaml b/.github/workflows/pr-label.yaml
index 6f6666b0c..224d8ab01 100644
--- a/.github/workflows/pr-label.yaml
+++ b/.github/workflows/pr-label.yaml
@@ -7,6 +7,7 @@ on:
 - edited
 
 permissions:
+ # Permits `github/issue-labeler` to add a label to a pull request
 pull-requests: write
 contents: read
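Review bot: The `permissions:` block added at the top level of `.github/workflows/release.yml` applies to every job in the workflow, and once any scope is declared GitHub sets every scope not listed to `none`, so this also silently drops `contents` and the rest of the default token scopes. If the release job checks out the repository, pushes tags or creates a release, it may need `contents: read` (or `write`) listed explicitly; the job's steps are outside this hunk, so that should be confirmed against them. For least privilege, consider declaring the block under `jobs.release` instead, so that only the publishing job can request an OIDC token, with `contents: read` next to `id-token: write`. The comment could also say that unlisted scopes become `none`, so the next maintainer does not assume the defaults still apply.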