Merge pull request #724 from mcserep/codeql-toplevel-permission

Move CodeQL workflow permissions to the top level
Ericsson · Apr 28, 2024 · 194afa2 · 194afa2
2 parents fe1b8fb + b004bcc
commit 194afa2
Showing 1 changed file with 7 additions and 12 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -8,17 +8,18 @@ on:
   schedule:
     - cron: '22 16 * * 5'
 
+permissions:
+  # required for all workflows
+  security-events: write
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
 jobs:
   analyze-jsts:
     name: Analyze JavaScript-TypeScript
     runs-on: ubuntu-22.04
     timeout-minutes: 360
-    permissions:
-      # required for all workflows
-      security-events: write
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
 
     steps:
     - name: Checkout repository
@@ -45,12 +46,6 @@ jobs:
       DOWNLOAD_PATH: ${{github.workspace}}/dependencies/download
     runs-on: ubuntu-22.04
     timeout-minutes: 360
-    permissions:
-      # required for all workflows
-      security-events: write
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
 
     steps:
     - name: Checkout repository