Commit e5a5209
committed
fix(ci): grant security-events: write to release workflow
The security reusable workflow's secrets job requests
security-events: write to upload the betterleaks SARIF report.
When called from release.yml, GitHub intersects caller and callee
permissions and uses the most restrictive; release.yml only declared
contents: read, so the SARIF permission was dropped to none and the
workflow failed at startup before any job ran.
Add security-events: write to the release.yml workflow-level
permissions block so the reusable security workflow can run end
to end on tag pushes.1 parent 29b9644 commit e5a5209
1 file changed
Lines changed: 1 addition & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| 10 | + | |
10 | 11 | | |
11 | 12 | | |
12 | 13 | | |
| |||
0 commit comments