Scope CodeQL write permissions to the analyze job

2026-06-15 00:16:15 +08:00 · 2026-06-01 10:49:42 -07:00 · 2026-06-01 10:49:42 -07:00 · 2538c89e71
commit 2538c89e71
parent b18919cb38
1 changed files with 4 additions and 2 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -8,12 +8,14 @@ on:

 permissions:
  contents: read
-  security-events: write
-  actions: read

 jobs:
  analyze:
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
    steps:
    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0