patch 9.0.0593: CI actions have too many permissions

Problem: CI actions have too many permissions. Solution: Restrict permissions to what is required. (closes #11223)
2022-09-26 15:52:46 +01:00
parent 838b746cce
commit 311df6bb0f
4 changed files with 15 additions and 0 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -21,8 +21,15 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
  cancel-in-progress: true

+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
  analyze:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      security-events: write #  (github/codeql-action/autobuild)
+
    name: Analyze
    runs-on: ubuntu-latest