diff options
| author | Jan Macku <jamacku@redhat.com> | 2023-01-26 09:13:24 +0100 |
|---|---|---|
| committer | Jan Macku <jamacku@redhat.com> | 2023-01-26 09:13:24 +0100 |
| commit | aaa1a230cff9968f03d454e3e68efd60bfe55413 (patch) | |
| tree | 49c29ec95ea58da10a4f161eacc830451d934e81 | |
| parent | 2af5fc89998a02780541ebe827e3d549d4d17093 (diff) | |
| download | strace-aaa1a230cff9968f03d454e3e68efd60bfe55413.tar.gz | |
ci: Add missing permission `security-events`
Differential ShellCheck requires permission `security-events: write`
to successfully upload the SARIF file to GitHub.
This permission might be optional for some repositories since they
allow all permissions for all workflows in settings. But I wouldn't advise
this setting since the best security practice is to allow only a minimal
set of required permissions.
| -rw-r--r-- | .github/workflows/differential-shellcheck.yml | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml index e5cb99eb3..504bcaa81 100644 --- a/.github/workflows/differential-shellcheck.yml +++ b/.github/workflows/differential-shellcheck.yml @@ -15,6 +15,9 @@ jobs: lint: runs-on: ubuntu-latest + permissions: + security-events: write + steps: - name: Repository checkout uses: actions/checkout@v3 |