Add permissions block to top workflow level

Signed-off-by: temenuzhka-thede <temenuzhka.thede@docker.com> specify go version Signed-off-by: temenuzhka-thede <temenuzhka.thede@docker.com> move back per issions block Signed-off-by: temenuzhka-thede <temenuzhka.thede@docker.com>
docker-archive · Oct 27, 2023 · 2d5d14d · 2d5d14d
1 parent 5eca716
commit 2d5d14d
Showing 1 changed file with 15 additions and 7 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -20,19 +20,27 @@ on:
       - '**/*.yml'
       - '**/*_test.go'
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+env:
+  GO_VERSION: 1.19
+
 jobs:
   analyze:
     name: Analyze
     runs-on: 'ubuntu-latest'
+    strategy:
+      fail-fast: false
+      matrix:
+        language: 
+          - go
     permissions:
       actions: read
       contents: read
       security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [go]
 
     steps:
     -
@@ -42,8 +50,8 @@ jobs:
       name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version-file: go.mod
-        check-latest: true
+        go-version: ${{ env.GO_VERSION }}
+        cache: true
     -
       name: Initialize CodeQL
       uses: github/codeql-action/init@v2