From 945e0f99fc081280709a2201af83b6705fe0a37e Mon Sep 17 00:00:00 2001
From: "T.J. Corrigan" <tjcorr@github.com>
Date: Thu, 28 Mar 2024 12:36:34 +0000
Subject: [PATCH] add explicit permissions needde by upload-sarif

---
 .github/workflows/tf-unit-tests.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/tf-unit-tests.yml b/.github/workflows/tf-unit-tests.yml
index b9beeb8..67bfdd4 100644
--- a/.github/workflows/tf-unit-tests.yml
+++ b/.github/workflows/tf-unit-tests.yml
@@ -3,6 +3,11 @@ name: 'Terraform Unit Tests'
 on:
   push:
 
+permissions:
+  security-events: write # Needed to upload-sarif
+  contents: read # Needed to clone repo
+  actions: read # Potentially needed for private repositories (see https://github.com/github/codeql-action/issues/2117)
+
 jobs:
   terraform-unit-tests:
     name: 'Terraform Unit Tests'