Grant permissions for CodeQL workflow

author: Serghei Iakovlev <egrep@protonmail.ch> 2022-07-27 01:39:41 +0200
committer: Serghei Iakovlev <egrep@protonmail.ch> 2022-07-27 01:39:41 +0200
commit: cfad20c63ed1b355238cc5fc528bdb290f375936 (patch)
tree: b2681038632d49caf71331d7105138f75483aa0b
parent: d168f31765fcc8afb06993cadab078c2f3586bb1 (diff)
download: gohugo-theme-ed-cfad20c63ed1b355238cc5fc528bdb290f375936.tar.gz
1 files changed, 21 insertions, 5 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 40cae60..57131a8 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,10 +1,14 @@
-name: "CodeQL"
+name: CodeQL
 
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
+  # The branches below must be a subset of the branches above
   pull_request:
-    branches: [ master ]
+    branches:
+      - master
+
   schedule:
     - cron: '0 11 * * *'
       #      | | | | |
@@ -16,13 +20,25 @@ on:
 
 jobs:
   analyze:
+    runs-on: ubuntu-20.04
     name: Analyze
-    runs-on: ubuntu-latest
+
+    # The maximum number of minutes to let a workflow run
+    # before GitHub automatically cancels it. Default: 360
+    timeout-minutes: 30
 
     strategy:
+      # When set to true, GitHub cancels
+      # all in-progress jobs if any matrix job fails.
       fail-fast: false
+
       matrix:
-        language: [ 'javascript' ]
+        language:
+          - javascript
+
+    permissions:
+      # required for all workflows
+      security-events: write
 
     steps:
       - name: Checkout code
author	Serghei Iakovlev <egrep@protonmail.ch>	2022-07-27 01:39:41 +0200
committer	Serghei Iakovlev <egrep@protonmail.ch>	2022-07-27 01:39:41 +0200
commit	cfad20c63ed1b355238cc5fc528bdb290f375936 (patch)
tree	b2681038632d49caf71331d7105138f75483aa0b
parent	d168f31765fcc8afb06993cadab078c2f3586bb1 (diff)
download	gohugo-theme-ed-cfad20c63ed1b355238cc5fc528bdb290f375936.tar.gz