fix(ci): grant security-events and packages permissions to security job

Reusable workflow calls inherit only explicitly granted permissions. The nested security job requires packages: read and security-events: write for CodeQL analysis. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 05:12:19 +00:00 · 2026-03-30 10:16:30 +02:00
parent 6861b2c0eb
commit eca7084f4e
1 changed files with 4 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,6 +15,10 @@ jobs:
  security:
    name: Run security workflow
    uses: ./.github/workflows/security.yml
+    permissions:
+      contents: read
+      packages: read
+      security-events: write

  tests:
    name: Run test workflow