diff .github/workflows/codeql-analysis.yml @ 30515:5b94b8c82687 v9.0.0593

patch 9.0.0593: CI actions have too many permissions Commit: https://github.com/vim/vim/commit/311df6bb0f861154e6a27144c226c805c7554a94 Author: Alex <aleksandrosansan@gmail.com> Date: Mon Sep 26 15:52:46 2022 +0100 patch 9.0.0593: CI actions have too many permissions Problem: CI actions have too many permissions. Solution: Restrict permissions to what is required. (closes https://github.com/vim/vim/issues/11223)
author Bram Moolenaar <Bram@vim.org>
date Mon, 26 Sep 2022 17:00:03 +0200
parents a8c0c5865e73
children db65486d8d75
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -21,8 +21,15 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
   cancel-in-progress: true
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   analyze:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      security-events: write #  (github/codeql-action/autobuild)
+
     name: Analyze
     runs-on: ubuntu-latest
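Review bot: The trailing comment on `security-events: write` in the `analyze` job is incomplete: it has a doubled space after `#`, states no purpose the way the two `contents: read` comments do, and names only the autobuild step. That scope is what lets the CodeQL action write its results to code scanning, so the comment should say so, for example `security-events: write # to upload CodeQL results (github/codeql-action)`. The job's steps lie outside the hunk, so which step actually needs the scope should be confirmed there. Because a job-level `permissions` block replaces the workflow-level one for that job, a short comment above the top-level block such as `# default for jobs that do not declare their own permissions` would make its role clear to whoever adds the next job.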