patch 9.0.0593: CI actions have too many permissions Problem: CI actions have too many permissions. Solution: Restrict permissions to what is required. (closes #11223)

commit: 311df6bb0f861154e6a27144c226c805c7554a94 [log] [tgz]
author: Alex <aleksandrosansan@gmail.com> Mon Sep 26 15:52:46 2022 +0100
committer: Bram Moolenaar <Bram@vim.org> Mon Sep 26 15:52:46 2022 +0100
tree: 73269e6b635854c363853400bc7135bed4095fda
parent: 838b746cce7ea863acdb81e3f44eec2ea90de92a [diff] [blame]
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index efb9e66..efd91a4 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml

@@ -21,8 +21,15 @@
   group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
   cancel-in-progress: true
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   analyze:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      security-events: write #  (github/codeql-action/autobuild)
+
     name: Analyze
     runs-on: ubuntu-latest
commit	311df6bb0f861154e6a27144c226c805c7554a94	[log] [tgz]
author	Alex <aleksandrosansan@gmail.com>	Mon Sep 26 15:52:46 2022 +0100
committer	Bram Moolenaar <Bram@vim.org>	Mon Sep 26 15:52:46 2022 +0100
tree	73269e6b635854c363853400bc7135bed4095fda
parent	838b746cce7ea863acdb81e3f44eec2ea90de92a [diff] [blame]