From efe6ec1e8264aae654abb95e290d1d21d5bcde16 Mon Sep 17 00:00:00 2001 From: cjihrig Date: Wed, 5 Feb 2025 20:14:53 -0500 Subject: [PATCH] ci: update permissions for CodeQL action This commit updates the CodeQL scanning job's permissions as recommended in several places. Refs: https://github.com/octokit/types.ts/blob/bb399b2f7126e587f2d6ff590bf3cffb9560c542/.github/workflows/codeql.yml#L11-L14 Refs: https://github.com/github/codeql/issues/8843 Fixes: https://github.com/kubernetes-client/javascript/issues/2193 --- .github/workflows/codeql-analysis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5e26d84bfb..c96cf6f6ef 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -21,6 +21,11 @@ on: schedule: - cron: '35 14 * * 3' +permissions: + actions: read + contents: read + security-events: write + jobs: analyze: name: Analyze
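Review bot: The new `permissions:` block in the `@@ -21,6 +21,11 @@` hunk sits at workflow level, between the `schedule` trigger and `jobs:`, so every job in this file receives `security-events: write`, not only `analyze`. The hunk shows only the `analyze` job, so the effect is the same today, but a job added to this workflow later would inherit the write scope without anyone noticing. Consider moving the three scopes under `jobs.analyze.permissions`, so the grant is tied to the job that uploads the CodeQL results. It would also help to add a short YAML comment next to each scope saying why it is needed. The commit message points to two references for the recommendation, but the workflow file itself gives a future reader no reason for `actions: read` or `contents: read`.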