Add a permissions block for generated workflows

Ensure that all workflows are able to write security events.
github · Feb 1, 2022 · e9aa2c6 · e9aa2c6
1 parent e9d5234
commit e9aa2c6
Show file tree

Hide file tree

Showing 18 changed files with 37 additions and 1 deletion.
diff --git a/.github/workflows/__debug-artifacts.yml b/.github/workflows/__debug-artifacts.yml
diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml
diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml
diff --git a/.github/workflows/__go-custom-tracing-autobuild.yml b/.github/workflows/__go-custom-tracing-autobuild.yml
diff --git a/.github/workflows/__go-custom-tracing.yml b/.github/workflows/__go-custom-tracing.yml
diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml
diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml
diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml
diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml
diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml
diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml
diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml
diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml
diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml
diff --git a/.github/workflows/__test-ruby.yml b/.github/workflows/__test-ruby.yml
diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml
diff --git a/pr-checks/sync.py b/pr-checks/sync.py
@@ -23,7 +23,6 @@
 
 """
 
-
 class NonAliasingRTRepresenter(ruamel.yaml.representer.RoundTripRepresenter):
     def ignore_aliases(self, data):
         return True
@@ -71,6 +70,9 @@ def writeHeader(checkStream):
             }
         },
         'name': checkSpecification['name'],
+        'permissions': {
+            'security-events': 'write'
+        },
         'runs-on': '${{ matrix.os }}',
         'steps': steps
     }