Add missing permissions to access feature flags

henrymercer · henrymercer · commit 59245fd15994 · 2026-02-27T17:39:20.000+01:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -31,6 +31,8 @@ jobs:
 
     permissions:
       contents: read
+      # We currently need `security-events: read` to access feature flags.
+      security-events: read
 
     steps:
     - uses: actions/checkout@v6
diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml
@@ -41,6 +41,8 @@ jobs:
       CODEQL_ACTION_TEST_MODE: true
     permissions:
       contents: read
+      # We currently need `security-events: read` to access feature flags.
+      security-events: read
     timeout-minutes: 45
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml
@@ -40,6 +40,8 @@ jobs:
     timeout-minutes: 45
     permissions:
       contents: read
+      # We currently need `security-events: read` to access feature flags.
+      security-events: read
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml
@@ -26,6 +26,8 @@ jobs:
     timeout-minutes: 45
     permissions:
       contents: read
+      # We currently need `security-events: read` to access feature flags.
+      security-events: read
     runs-on: windows-latest
 
     steps:
