diff --git a/.github/workflows/rocm-ci-dispatch.yml b/.github/workflows/rocm-ci-dispatch.yml
index e679ece46..8045e96b4 100644
--- a/.github/workflows/rocm-ci-dispatch.yml
+++ b/.github/workflows/rocm-ci-dispatch.yml
@@ -9,6 +9,7 @@ on:
     types: [ labeled, synchronize, reopened ]
 
 permissions:
+  actions: write
   contents: read
 
 jobs:
diff --git a/.github/workflows/rocm-ci.yml b/.github/workflows/rocm-ci.yml
index e2fb09c15..dea556dad 100644
--- a/.github/workflows/rocm-ci.yml
+++ b/.github/workflows/rocm-ci.yml
@@ -45,6 +45,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  actions: write
+  contents: read
+
 env:
   TEST_LEVEL: ${{ (github.event_name == 'push' && '3') || inputs.test_level || '1' }}
 
diff --git a/.github/workflows/rocm-wheels-build.yml b/.github/workflows/rocm-wheels-build.yml
index c1a8ea087..e1eeef89e 100644
--- a/.github/workflows/rocm-wheels-build.yml
+++ b/.github/workflows/rocm-wheels-build.yml
@@ -70,6 +70,10 @@ env:
   DOCKER_IMAGE_NAME: te-rocm-manylinux-x86
   MANYLINUX_PLATFORM: manylinux_2_28_x86_64
 
+permissions:
+  actions: write
+  contents: read
+
 # ─────────────────────────────────────────────────────────────────────────────
 jobs:
 
@@ -212,6 +216,41 @@ jobs:
             find "$LOG_DIR" -type f | sort
           fi
 
+      - name: Delete previous wheel artifacts for this branch
+        if: success()
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          BRANCH="${{ github.head_ref || github.ref_name }}"
+          echo "Cleaning up old te-rocm-wheels artifacts for branch: $BRANCH"
+
+          # Collect artifact IDs to delete
+          if ! IDS=$(gh api --paginate "repos/${{ github.repository }}/actions/artifacts?name=te-rocm-wheels" \
+            --jq ".artifacts[] | select(.expired == false and .workflow_run.head_branch == \"$BRANCH\") | .id"); then
+            echo "::warning::Failed to list artifacts (possible permissions issue). Skipping cleanup."
+            exit 0
+          fi
+
+          if [ -z "$IDS" ]; then
+            echo "No previous artifacts found for this branch."
+          else
+            echo "Deleting artifacts:"
+            FAILED=0
+            for id in $IDS; do
+              gh api "repos/${{ github.repository }}/actions/artifacts/$id" \
+                --jq '"\(.id)\t\(.size_in_bytes / 1024 / 1024 | round)MB\t\(.created_at)"' || true
+              if ! gh api -X DELETE "repos/${{ github.repository }}/actions/artifacts/$id"; then
+                echo "::warning::Failed to delete artifact $id (possible permissions issue)."
+                FAILED=$((FAILED + 1))
+              fi
+            done
+            if [ "$FAILED" -gt 0 ]; then
+              echo "::warning::Failed to delete $FAILED artifact(s). Ensure the workflow has 'actions: write' permission."
+            else
+              echo "Cleanup complete."
+            fi
+          fi
+
       - name: Upload wheels as GitHub Actions artifacts
         if: success()
         uses: actions/upload-artifact@v4
@@ -220,7 +259,7 @@ jobs:
           path: |
             ${{ runner.temp }}/wheelhouse/*.whl
             ${{ runner.temp }}/wheelhouse/*.tar.gz
-          retention-days: 1
+          retention-days: 7
           if-no-files-found: error
 
       - name: Upload build logs on failure