Add missing security permissions to workflows (recreated PR) (#971)

jwintel · web-flow · commit 701ce060fbe1 · 2025-05-27T12:04:24.000-07:00
* Add missing security permissions to codeql.yml

* Add permissions to build-on-windows.yml

* Add permissions to linters.yml

* Add permissions to build-test-deploy.yml

* Change CodeQL to run on any branch, not just master

* Undo trigger changes

* Change CodeQL to run on any PR

* Add push rule
diff --git a/.github/workflows/build-on-windows.yml b/.github/workflows/build-on-windows.yml
@@ -1,5 +1,8 @@
 name: Build gProfiler on Windows
 
+permissions:
+  contents: read
+
 on: pull_request
 
 jobs:
diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml
@@ -7,6 +7,9 @@
 
 name: Build, test and deploy
 
+permissions:
+  contents: read
+
 on:
   pull_request:
   push:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -11,13 +11,14 @@
 #
 name: "CodeQL Advanced"
 
-on:
-  push:
-    branches: [ "master" ]
+permissions: 
+  security-events: write
+
+on: 
   pull_request:
-    branches: [ "master" ]
-  schedule:
-    - cron: '05 19 * * 2'
+  push:
+    tags:
+      - '**'
 
 jobs:
   analyze:
diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
@@ -1,5 +1,8 @@
 name: Linters
 
+permissions:
+  contents: read
+
 on: pull_request
 
 jobs:
