ci: set permissions for nested workflows

juarezr · juarezr · commit be5385c1a51d · 2024-03-14T20:12:30.000-03:00
diff --git a/.github/workflows/test-changes.yml b/.github/workflows/test-changes.yml
@@ -204,9 +204,19 @@ jobs:
 
   call-workflow-codeql:
     needs: test-source-code
-    uses: ./.github/workflows/codeql-analysis.yml@master
+    uses: ./.github/workflows/codeql-analysis.yml
+    permissions:
+      actions: read
+      contents: read
+      pull-requests: write
+      security-events: write
 
   call-workflow-codacity:
     needs: test-source-code
-    uses: ./.github/workflows/codacy-analysis.yml@master
+    uses: ./.github/workflows/codacy-analysis.yml
+    permissions:
+      actions: read
+      contents: read
+      pull-requests: write
+      security-events: write
 
