From b004bcc10087a9dcc3b358ab29edd70c83ab87e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1t=C3=A9=20Cser=C3=A9p?= <mcserep@gmail.com>
Date: Sun, 17 Mar 2024 11:25:58 +0100
Subject: [PATCH] Move CodeQL workflow permissions to the top level.

---
 .github/workflows/codeql.yml | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index db45d6a2e..85a08bc94 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -8,17 +8,18 @@ on:
   schedule:
     - cron: '22 16 * * 5'
 
+permissions:
+  # required for all workflows
+  security-events: write
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
 jobs:
   analyze-jsts:
     name: Analyze JavaScript-TypeScript
     runs-on: ubuntu-22.04
     timeout-minutes: 360
-    permissions:
-      # required for all workflows
-      security-events: write
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
 
     steps:
     - name: Checkout repository
@@ -45,12 +46,6 @@ jobs:
       DOWNLOAD_PATH: ${{github.workspace}}/dependencies/download
     runs-on: ubuntu-22.04
     timeout-minutes: 360
-    permissions:
-      # required for all workflows
-      security-events: write
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
 
     steps:
     - name: Checkout repository