Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests.

chrisgavin · chrisgavin · commit e305db89c2dc · 2021-04-30T13:47:54.000+01:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -14,7 +14,9 @@ jobs:
       versions: ${{ steps.compare.outputs.versions }}
 
     permissions:
+      actions: read
       contents: read
+      security-events: write
 
     steps:
     - uses: actions/checkout@v2
@@ -63,6 +65,7 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     permissions:
+      actions: read
       contents: read
       security-events: write
 
