Open felickz opened 2 months ago
This change makes no sense.
https://github.com/actions/starter-workflows/commit/f5cfb3ea9c17d9f3031dc88a7b065108653916e8 added actions: read
So as of today, this should just work: https://github.com/actions/starter-workflows/blob/2435e576016b3fdd46574a49126d65bfd0d4872f/code-scanning/credo.yml#L33-L36
Beyond that, because the job itself already defines permissions, defining additional permissions at the workflow level will have no impact.
For the curious, I'm also trying to fix github/codeql-action/upload-sarif
so that it won't need this permission in the future, but that's not really relevant to this PR.
Fixes error seen when running workflow on a non public repo - need to add
actions: read
permission for the upload action to invoke GET workflow-runsPrecedent: https://github.com/actions/starter-workflows/blob/607f368fb03ddbf9bfd194f77f160f5da2dd9ab2/code-scanning/codeql.yml#L32-L38