From 2d5d14de8e5521e6c6e22a665e5ca3b2a33ec3a9 Mon Sep 17 00:00:00 2001
From: temenuzhka-thede
Date: Fri, 27 Oct 2023 00:26:52 -0500
Subject: [PATCH] Add permissions block to top workflow level
Signed-off-by: temenuzhka-thede
specify go version
Signed-off-by: temenuzhka-thede
move back per issions block
Signed-off-by: temenuzhka-thede
---
 .github/workflows/codeql.yml | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 8fb4c021d..49f6e63fc 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -20,19 +20,27 @@ on:
 - '**/*.yml'
 - '**/*_test.go'
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+env:
+ GO_VERSION: 1.19
+
 jobs:
 analyze:
 name: Analyze
 runs-on: 'ubuntu-latest'
+ strategy:
+ fail-fast: false
+ matrix:
+ language:
+ - go
 permissions:
 actions: read
 contents: read
 security-events: write
-
-
- strategy:
- fail-fast: false
- matrix:
- language: [go]
 steps:
 -
@@ -42,8 +50,8 @@ jobs:
 name: Set up Go
 uses: actions/setup-go@v4
 with:
- go-version-file: go.mod
- check-latest: true
+ go-version: ${{ env.GO_VERSION }}
+ cache: true
 -
 name: Initialize CodeQL
 uses: github/codeql-action/init@v2
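Review bot: The new top-level `permissions:` block sets `security-events: write` as the default for every job in the workflow, while the `analyze` job keeps its own identical block, and a job-level block is the one that applies to that job. As written the top-level block changes nothing for `analyze` and only matters for a job added later without its own `permissions:`, which would inherit the write scope. Keep the workflow default read-only with `permissions: { contents: read }` and leave `security-events: write` on the job that uploads results. In the same hunk, `GO_VERSION: 1.19` is an unquoted number; write `GO_VERSION: '1.19'` so a later bump to 1.20 is not read as 1.2. The job's `steps:` list continues past the end of the hunk.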
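Review bot: Replacing `go-version-file: go.mod` with `go-version: ${{ env.GO_VERSION }}` lets the toolchain CodeQL builds with drift from the version the module declares, so the scan can run against a different compiler and standard library than the code that ships. Dropping `check-latest: true` also means the step may settle for an older cached 1.19.x patch release rather than the newest one, as far as setup-go's documented behaviour goes. If the pin exists for a CodeQL compatibility reason, record it in a comment above `with:` such as `# pinned: <reason>; keep in sync with go.mod` and keep `check-latest: true`; otherwise keep `go-version-file: go.mod`. `cache: true` appears to be the default in setup-go v4, so that line can probably be dropped. The step list starts and ends outside the hunk.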