From 03f28d5066c9318edab55303ed4a0dc762946b50 Mon Sep 17 00:00:00 2001
From: Patrick Linnane <patrick@linnane.io>
Date: Fri, 27 Dec 2024 10:10:42 -0800
Subject: [PATCH] workflows/codeql: fix zizmor findings

Signed-off-by: Patrick Linnane <patrick@linnane.io>
---
 .github/workflows/codeql.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 42b2368..f00b0d6 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -8,18 +8,19 @@ on:
    branches:
      - main
 
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-
 jobs:
   analyze:
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
 
     steps:
     - name: Checkout repository
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      with:
+        persist-credentials: false
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0