try to fix codeql workflow (#994)

ko-build · Mar 20, 2023 · 5e7dad5 · 5e7dad5
1 parent 5499f6f
commit 5e7dad5
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/.github/workflows/analyze.yaml b/.github/workflows/analyze.yaml
@@ -11,15 +11,18 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+
     steps:
     - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
-
-    - uses: github/codeql-action/init@a589d4087ea22a0a48fc153d1b461886e262e0f2 # v2.2.7
+    - uses: github/codeql-action/init@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
       with:
         languages: go
-    - uses: github/codeql-action/autobuild@a589d4087ea22a0a48fc153d1b461886e262e0f2 # v2.2.7
-    - uses: github/codeql-action/analyze@a589d4087ea22a0a48fc153d1b461886e262e0f2 # v2.2.7
+    - uses: github/codeql-action/autobuild@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
+    - uses: github/codeql-action/analyze@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7