From 3a489bb3a8d185a0a2521b15d484b4ff2f1aeba7 Mon Sep 17 00:00:00 2001
From: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
Date: Thu, 15 Feb 2024 15:13:17 -0500
Subject: [PATCH] Fix CodeQL pipeline failure

CodeQL Analyze job fails with:`Resource not accessible by integration`,
and logs show the following help:

This run of the CodeQL Action does not have permission to access Code
Scanning API endpoints.
As a result, it will not be opted into any experimental features.
This could be because the Action is running on a pull request from a fork.
If not, please ensure the Action has the 'security-events: write' permission.
Details: Resource not accessible by integration

Add `security-events: write`, along with default `contents` and
`packages` read permissions.

Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
---
 .github/workflows/codeql.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 49af6eda32..1e98251f64 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,6 +31,11 @@ on:
 env:
   GO_VERSION: "1.19.x"
 
+permissions:
+  contents: read
+  packages: read
+  security-events: write
+
 jobs:
   CodeQL-Build:
     runs-on: ubuntu-latest