ci: apply correct permissions to codeql job

Also bumps the codeql action to v3 as now deprecated Signed-off-by: Simon Emms <[email protected]>
crossplane · Sep 27, 2024 · e0c7742 · e0c7742
1 parent 2e0b022
commit e0c7742
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -7,6 +7,10 @@ on:
       - release-*
   workflow_dispatch: {}
 
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
   detect-noop:
     runs-on: ubuntu-22.04
@@ -34,9 +38,9 @@ jobs:
           submodules: true
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: go
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3