This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch gh-permission
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 0b67350084086f8a6067ae865d8fb715ab3a6a9a
Author: Lukasz Lenart <lukaszlen...@apache.org>
AuthorDate: Fri Dec 9 10:25:59 2022 +0100

    Applies permission to GH workflows
---
 .github/workflows/codeql.yml | 10 +++++++++-
 .github/workflows/maven.yml  |  2 ++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 147129c17..cc9af2b6d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -20,6 +20,14 @@ on:
     branches: [ "master" ]
   pull_request:
 
+permissions:
+  # Needed to upload the results to code-scanning dashboard.
+  security-events: write
+  actions: read
+  contents: read
+  # Needed to access OIDC token.
+  id-token: write
+
 jobs:
   analyze:
     name: Analyze
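Review bot: `id-token: write` is granted at workflow level, so every job and step in this workflow can request an OIDC token, yet the steps visible in this diff (`github/codeql-action/init`, `autobuild` and the analysis step) do not appear to use one. An OIDC token can be exchanged for credentials at any external provider that trusts this repository's identity, so it should only be available where a step actually federates. Unless a step outside these hunks needs it, drop `id-token: write` and its comment and keep `security-events: write`, `actions: read` and `contents: read`. If a step does need it, move the whole block to `jobs.analyze.permissions` so the grant is scoped to that job and documented there. The `jobs:` body continues outside the hunk, so whether OIDC is used further down cannot be confirmed from here.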
@@ -38,7 +46,7 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
-        languages: ${{ matrix.language }}        
+        languages: ${{ matrix.language }}
     - name: Autobuild
       uses: github/codeql-action/autobuild@v2
     - name: Perform CodeQL Analysis
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 9a0d796aa..7218879ba 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -21,6 +21,8 @@ on:
     branches:
       - master
 
+permissions: read-all
+
 env:
   MAVEN_OPTS: -Xmx2048m -Xms1024m
   LANG: en_US.utf8
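Review bot: `permissions: read-all` gives the `GITHUB_TOKEN` read access on every scope (issues, pull requests, packages, deployments and so on), which is broader than a checkout-and-build workflow normally needs. A least-privilege default would be `permissions:` followed by `  contents: read`. Any job that needs more can add its own `permissions:` block with a comment saying why. The jobs of this workflow are outside the hunk, so any additional scope they require is not visible here.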
