mirror of
https://github.com/ivuorinen/base-configs.git
synced 2026-02-27 10:52:55 +00:00
* fix(ci): consolidate CodeQL workflows with proper permissions

  Merge codeql.yml and codeql-analysis.yml into a single workflow. Add top-level permissions block to fix Checkov CKV2_GHA_1.

  Changes:
  - Add top-level permissions (actions: read, contents: read)
  - Add merge_group trigger
  - Enable security-and-quality query suite
  - Use javascript-typescript language with build-mode: none
  - Remove redundant codeql-analysis.yml

* fix(ci): include all required permissions at job level

  Job-level permissions override top-level permissions in GitHub Actions rather than extending them. Add actions: read and contents: read to the job-level block so the analyze job retains all required permissions.
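
The override behaviour the second commit describes, shown as an added example workflow (constructed here, not the repository's own file). The job names, branch, runner, action versions and the `security-events: write` entry are assumptions; the triggers, permissions, language, build mode and query suite follow the commit message.

```yaml
# Constructed example, not the repository's actual workflow file.
name: CodeQL
on:
  push:
    branches: [main]        # assumed branch name
  pull_request:
  merge_group:

# Top-level default: applies only to jobs that declare no permissions block.
# A top-level block is also what Checkov CKV2_GHA_1 looks for.
permissions:
  actions: read
  contents: read

jobs:
  # Before: a job-level block replaces the top-level one instead of adding to it.
  # Any scope not listed here becomes "none", so this job's token ends up with
  # security-events: write only, and actions/contents read access is gone.
  analyze-before:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # assumed: needed to upload CodeQL results
    steps:
      - uses: actions/checkout@v4   # has no contents: read in this job

  # After: every scope the job needs is restated at job level.
  analyze:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write   # assumed, as above
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
          build-mode: none
          queries: security-and-quality
      - uses: github/codeql-action/analyze@v3
```

When reviewing a workflow, read each job's `permissions` block as the complete list for that job; the top-level block only matters for jobs that have none.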