From 06d4e82bd27643a253ce347ed90b34c283c69b1e Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Mon, 2 May 2022 11:30:43 -0700 Subject: [PATCH] Add permissions block to workflow --- .github/workflows/update-required-checks.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-required-checks.yml b/.github/workflows/update-required-checks.yml index 5740a63061..d55abc8798 100644 --- a/.github/workflows/update-required-checks.yml +++ b/.github/workflows/update-required-checks.yml @@ -22,13 +22,15 @@ jobs: run: echo "$GITHUB_CONTEXT" - name: Update checks + env: + GITHUB_TOKEN: "${{ secrets.CODEQL_CI_TOKEN }}" run: | # Update the required checks based on the current branch. # Typically, this will be main. echo "Getting checks for $GITHUB_SHA" # Ignore any checks with "https://", CodeQL, LGTM, and Update checks. - CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") | not)] | sort')" + CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update-") | not)] | sort')" echo "::group::New Checks" echo "$CHECKS" | jq