Merge pull request #724 from mcserep/codeql-toplevel-permission

intjftw · web-flow · commit 194afa25212c · 2024-04-28T16:15:50.000+02:00
Move CodeQL workflow permissions to the top level
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -8,17 +8,18 @@ on:
   schedule:
     - cron: '22 16 * * 5'
 
+permissions:
+  # required for all workflows
+  security-events: write
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
 jobs:
   analyze-jsts:
     name: Analyze JavaScript-TypeScript
     runs-on: ubuntu-22.04
     timeout-minutes: 360
-    permissions:
-      # required for all workflows
-      security-events: write
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
 
     steps:
     - name: Checkout repository
@@ -45,12 +46,6 @@ jobs:
       DOWNLOAD_PATH: ${{github.workspace}}/dependencies/download
     runs-on: ubuntu-22.04
     timeout-minutes: 360
-    permissions:
-      # required for all workflows
-      security-events: write
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
 
     steps:
     - name: Checkout repository
