robojerk/codeql-action

Grant security-events: write permissions

Browse source
This commit is contained in:
Josh Soref 2023-05-22 23:01:26 -04:00
parent 8f9b20ba50
commit dba4f66682
31 changed files with 95 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/__analyze-ref-input.yml generated vendored
View file

@ -68,6 +68,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: "Analyze: 'ref' and 'sha' from inputs" name: "Analyze: 'ref' and 'sha' from inputs"
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__autobuild-action.yml generated vendored
View file

@ -32,6 +32,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: latest version: latest
name: autobuild-action name: autobuild-action
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__config-export.yml generated vendored
View file

@ -38,6 +38,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Config export name: Config export
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__diagnostics-export.yml generated vendored
View file

@ -44,6 +44,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Diagnostic export name: Diagnostic export
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__export-file-baseline-information.yml generated vendored
View file

@ -32,6 +32,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Export file baseline information name: Export file baseline information
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__extractor-ram-threads.yml generated vendored
View file

@ -28,6 +28,9 @@ jobs:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
name: Extractor ram and threads options test name: Extractor ram and threads options test
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -68,6 +68,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Go: Custom queries' name: 'Go: Custom queries'
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__go-tracing-autobuilder.yml generated vendored
View file

@ -54,6 +54,9 @@ jobs:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: 'Go: tracing with autobuilder step' name: 'Go: tracing with autobuilder step'
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__go-tracing-custom-build-steps.yml generated vendored
View file

@ -54,6 +54,9 @@ jobs:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: 'Go: tracing with custom build steps' name: 'Go: tracing with custom build steps'
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__go-tracing-legacy-workflow.yml generated vendored
View file

@ -54,6 +54,9 @@ jobs:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: 'Go: tracing with legacy workflow' name: 'Go: tracing with legacy workflow'
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

8
.github/workflows/__init-with-registries.yml generated vendored
View file

@ -44,6 +44,10 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Download using registries' name: 'Packaging: Download using registries'
permissions:
contents: read
packages: read
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
@ -128,9 +132,5 @@ jobs:
cat $QLCONFIG_PATH cat $QLCONFIG_PATH
exit 1 exit 1
fi fi
permissions:
contents: read
packages: read
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

3
.github/workflows/__javascript-source-root.yml generated vendored
View file

@ -32,6 +32,9 @@ jobs:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Custom source root name: Custom source root
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__ml-powered-queries.yml generated vendored
View file

@ -68,6 +68,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: ML-powered queries name: ML-powered queries
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__multi-language-autodetect.yml generated vendored
View file

@ -54,6 +54,9 @@ jobs:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Multi-language repository name: Multi-language repository
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__packaging-codescanning-config-inputs-js.yml generated vendored
View file

@ -44,6 +44,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config and input passed to the CLI' name: 'Packaging: Config and input passed to the CLI'
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View file

@ -44,6 +44,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config and input' name: 'Packaging: Config and input'
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__packaging-config-js.yml generated vendored
View file

@ -44,6 +44,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config file' name: 'Packaging: Config file'
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__packaging-inputs-js.yml generated vendored
View file

@ -44,6 +44,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Action input' name: 'Packaging: Action input'
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__remote-config.yml generated vendored
View file

@ -68,6 +68,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Remote config file name: Remote config file
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__rubocop-multi-language.yml generated vendored
View file

@ -28,6 +28,9 @@ jobs:
- os: ubuntu-latest - os: ubuntu-latest
version: cached version: cached
name: RuboCop multi-language name: RuboCop multi-language
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__ruby.yml generated vendored
View file

@ -38,6 +38,9 @@ jobs:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Ruby analysis name: Ruby analysis
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__split-workflow.yml generated vendored
View file

@ -38,6 +38,9 @@ jobs:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Split workflow name: Split workflow
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__submit-sarif-failure.yml generated vendored
View file

@ -32,6 +32,9 @@ jobs:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Submit SARIF after failure name: Submit SARIF after failure
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__swift-custom-build.yml generated vendored
View file

@ -38,6 +38,9 @@ jobs:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Swift analysis using a custom build command name: Swift analysis using a custom build command
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__test-autobuild-working-dir.yml generated vendored
View file

@ -28,6 +28,9 @@ jobs:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
name: Autobuild working directory name: Autobuild working directory
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__test-local-codeql.yml generated vendored
View file

@ -28,6 +28,9 @@ jobs:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Local CodeQL bundle name: Local CodeQL bundle
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__test-proxy.yml generated vendored
View file

@ -28,6 +28,9 @@ jobs:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
name: Proxy test name: Proxy test
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__unset-environment.yml generated vendored
View file

@ -40,6 +40,9 @@ jobs:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Test unsetting environment variables name: Test unsetting environment variables
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__upload-ref-sha-input.yml generated vendored
View file

@ -68,6 +68,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: "Upload-sarif: 'ref' and 'sha' from inputs" name: "Upload-sarif: 'ref' and 'sha' from inputs"
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

3
.github/workflows/__with-checkout-path.yml generated vendored
View file

@ -68,6 +68,9 @@ jobs:
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Use a custom `checkout_path` name: Use a custom `checkout_path`
permissions:
contents: read
security-events: write
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:

4
pr-checks/sync.py
View file

@ -101,6 +101,10 @@ for file in os.listdir('checks'):
} }
}, },
'name': checkSpecification['name'], 'name': checkSpecification['name'],
'permissions': {
'contents': 'read',
'security-events': 'write'
},
'timeout-minutes': 45, 'timeout-minutes': 45,
'runs-on': '${{ matrix.os }}', 'runs-on': '${{ matrix.os }}',
'steps': steps, 'steps': steps,