ci: set permissions for nested workflows

petl-developers · Mar 14, 2024 · 84e28f2 · 84e28f2
1 parent 3ed6dbe
commit 84e28f2
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/.github/workflows/test-changes.yml b/.github/workflows/test-changes.yml
@@ -204,9 +204,19 @@ jobs:
 
   call-workflow-codeql:
     needs: test-source-code
-    uses: ./.github/workflows/codeql-analysis.yml@master
+    uses: ./.github/workflows/codeql-analysis.yml
+    permissions:
+      actions: read
+      contents: read
+      pull-requests: write
+      security-events: write
 
   call-workflow-codacity:
     needs: test-source-code
-    uses: ./.github/workflows/codacy-analysis.yml@master
+    uses: ./.github/workflows/codacy-analysis.yml
+    permissions:
+      actions: read
+      contents: read
+      pull-requests: write
+      security-events: write