robojerk/codeql-action

Add a permissions block for generated workflows

Browse source 
Ensure that all workflows are able to write security events.
This commit is contained in:
Andrew Eisenberg 2022-01-31 16:11:00 -08:00
parent e9d52340a3
commit e9aa2c6f62
18 changed files with 37 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/__debug-artifacts.yml generated vendored
View file

@ -32,6 +32,8 @@ jobs:
- nightly-latest
os: [ubuntu-latest, macos-latest]
name: Debug artifact upload
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__extractor-ram-threads.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [latest]
os: [ubuntu-latest]
name: Extractor ram and threads options test
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -35,6 +35,8 @@ jobs:
- macos-latest
- windows-latest
name: 'Go: Custom queries'
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__go-custom-tracing-autobuild.yml generated vendored
View file

@ -32,6 +32,8 @@ jobs:
- nightly-latest
os: [ubuntu-latest, macos-latest]
name: 'Go: Autobuild custom tracing'
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__go-custom-tracing.yml generated vendored
View file

@ -35,6 +35,8 @@ jobs:
- macos-latest
- windows-latest
name: 'Go: Custom tracing'
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__javascript-source-root.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [latest, cached, nightly-latest] # This feature is not compatible with old CLIs
os: [ubuntu-latest]
name: Custom source root
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__multi-language-autodetect.yml generated vendored
View file

@ -32,6 +32,8 @@ jobs:
- nightly-latest
os: [ubuntu-latest, macos-latest]
name: Multi-language repository
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [nightly-20210831] # This CLI version is known to work with package used in this test
os: [ubuntu-latest, macos-latest]
name: 'Packaging: Config and input'
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__packaging-config-js.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [nightly-20210831] # This CLI version is known to work with package used in this test
os: [ubuntu-latest, macos-latest]
name: 'Packaging: Config file'
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__packaging-inputs-js.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [nightly-20210831] # This CLI version is known to work with package used in this test
os: [ubuntu-latest, macos-latest]
name: 'Packaging: Action input'
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__remote-config.yml generated vendored
View file

@ -35,6 +35,8 @@ jobs:
- macos-latest
- windows-latest
name: Remote config file
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__rubocop-multi-language.yml generated vendored
View file

@ -32,6 +32,8 @@ jobs:
- nightly-latest
os: [ubuntu-latest]
name: RuboCop multi-language
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__split-workflow.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [nightly-20210831] # This CLI version is known to work with package used in this test
os: [ubuntu-latest, macos-latest]
name: Split workflow
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__test-local-codeql.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [nightly-latest]
os: [ubuntu-latest]
name: Local CodeQL bundle
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__test-proxy.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [latest]
os: [ubuntu-latest]
name: Proxy test
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__test-ruby.yml generated vendored
View file

@ -26,6 +26,8 @@ jobs:
version: [latest, cached, nightly-latest]
os: [ubuntu-latest, macos-latest]
name: Ruby analysis
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository

2
.github/workflows/__unset-environment.yml generated vendored
View file

@ -32,6 +32,8 @@ jobs:
- nightly-latest
os: [ubuntu-latest]
name: Test unsetting environment variables
permissions:
security-events: write
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository