From cfad20c63ed1b355238cc5fc528bdb290f375936 Mon Sep 17 00:00:00 2001
From: Serghei Iakovlev <egrep@protonmail.ch>
Date: Wed, 27 Jul 2022 01:39:41 +0200
Subject: Grant permissions for CodeQL workflow

---
 .github/workflows/codeql-analysis.yml | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 40cae60..57131a8 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,10 +1,14 @@
-name: "CodeQL"
+name: CodeQL
 
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
+  # The branches below must be a subset of the branches above
   pull_request:
-    branches: [ master ]
+    branches:
+      - master
+
   schedule:
     - cron: '0 11 * * *'
       #      | | | | |
@@ -16,13 +20,25 @@ on:
 
 jobs:
   analyze:
+    runs-on: ubuntu-20.04
     name: Analyze
-    runs-on: ubuntu-latest
+
+    # The maximum number of minutes to let a workflow run
+    # before GitHub automatically cancels it. Default: 360
+    timeout-minutes: 30
 
     strategy:
+      # When set to true, GitHub cancels
+      # all in-progress jobs if any matrix job fails.
       fail-fast: false
+
       matrix:
-        language: [ 'javascript' ]
+        language:
+          - javascript
+
+    permissions:
+      # required for all workflows
+      security-events: write
 
     steps:
       - name: Checkout code
-- 
cgit v1.2.3