robojerk/codeql-action

Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests.

Browse source
This commit is contained in:
Chris Gavin 2021-04-30 13:42:00 +01:00
parent 643bc6e3ed
commit e305db89c2
No known key found for this signature in database
GPG key ID: 07F950B80C27E4DA
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/codeql.yml vendored
View file

@ -14,7 +14,9 @@ jobs:
versions: ${{ steps.compare.outputs.versions }} versions: ${{ steps.compare.outputs.versions }}
permissions: permissions:
actions: read
contents: read contents: read
security-events: write
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -63,6 +65,7 @@ jobs:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
permissions: permissions:
actions: read
contents: read contents: read
security-events: write security-events: write