fix(ci): fix codeql invocation

nijel · nijel · commit ba5fb0351eb5 · 2025-01-20T12:34:45.000+01:00
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -15,22 +15,23 @@ on:
   schedule:
   - cron: 0 4 * * 0
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     name: Analyze
     runs-on: ubuntu-24.04
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [python]
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
 
     - name: Autobuild
       uses: github/codeql-action/autobuild@v3
