Merge pull request #689 from github/aeisenberg/update-permissions

Updates the permissions block to be minimal
2021-08-09 15:12:02 -07:00 · 2021-08-09 15:12:02 -07:00 · 07fa17da87
commit 07fa17da87
parent 89e4b4fff3 61fb5d7202
3 changed files with 9 additions and 5 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -17,8 +17,6 @@ jobs:
      versions: ${{ steps.compare.outputs.versions }}

    permissions:
-      actions: read
-      contents: read
      security-events: write

    steps:
@ -68,8 +66,6 @@ jobs:
    runs-on: ${{ matrix.os }}

    permissions:
-      actions: read
-      contents: read
      security-events: write

    steps:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,7 +2,7 @@

 ## [UNRELEASED]

-No user facing changes.
+- Update README to include a sample permissions block. [#689](https://github.com/github/codeql-action/pull/689)

 ## 1.0.11 - 09 Aug 2021

--- a/README.md
+++ b/README.md
@ -42,6 +42,14 @@ jobs:
    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
    runs-on: ubuntu-latest

+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2