- adds missing permissions to codeql workflow

Signed-off-by: Vincent Biret <vibiret@microsoft.com>
microsoft · Feb 5, 2024 · 5f4cfe1 · 5f4cfe1
1 parent d554f40
commit 5f4cfe1
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
@@ -3,9 +3,14 @@ name: Build and Test
 on:
   workflow_dispatch:
   push:
-    branches: [ 'main', 'dev', 'feature/*' ]
+    branches: ["main", "dev", "feature/*"]
   pull_request:
-    branches: [ 'main', 'dev' ]
+    branches: ["main", "dev"]
+
+permissions:
+  contents: read #those permissions are required to run the codeql analysis
+  actions: read
+  security-events: write
 
 jobs:
   build-and-test:
@@ -17,7 +22,7 @@ jobs:
       - name: Setup .NET
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: 7.x
+          dotnet-version: 8.x
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
         with:
@@ -29,4 +34,4 @@ jobs:
       - name: Test
         run: dotnet test ${{ env.solutionName }} --no-build --verbosity normal -c Debug /p:CollectCoverage=true /p:CoverletOutput=TestResults/ /p:CoverletOutputFormat=opencover
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v3