Update codeql-code-scanning.yml

hoist permissions
epreston · Mar 7, 2024 · e0e418e · e0e418e
1 parent 1259cce
commit e0e418e
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/.github/workflows/codeql-code-scanning.yml b/.github/workflows/codeql-code-scanning.yml
@@ -22,6 +22,14 @@ on:
 #   group: ci-${{ github.event.pull_request.number || github.ref }}
 #   cancel-in-progress: true
 
+permissions:
+  # required for all workflows
+  security-events: write
+
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
@@ -35,14 +43,6 @@ jobs:
       matrix:
         language: ['javascript']
 
-    permissions:
-      # required for all workflows
-      security-events: write
-
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4