From bba81105b35339fcc5e8fde14c2bf3a910120b18 Mon Sep 17 00:00:00 2001
From: Michael Friesen <3517159+mtfriesen@users.noreply.github.com>
Date: Tue, 13 Feb 2024 12:40:35 -0500
Subject: [PATCH] permissions!

---
 .github/workflows/build.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 78d534e0..9aef297b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -42,11 +42,11 @@ on:
         default: false
         type: bool
 
-permissions:
-  actions: read
-  contents: read
+env:
   if: inputs.codeql
-    security-events: write  # For CodeQL
+    security-events-permissions: write
+  if: "!${{ inputs.codeql }}"
+    security-events-permissions: none
 
 jobs:
   build:
@@ -57,7 +57,7 @@ jobs:
     permissions:
       actions: read
       contents: read
-      security-events: write  # For CodeQL
+      security-events: ${{ vars.security-events-permissions }}
     steps:
     - name: Checkout repository
       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
@@ -66,7 +66,7 @@ jobs:
         submodules: recursive
         ref: ${{ inputs.ref }}
     - name: Initialize CodeQL
-      if: ${{ github.event_name == 'schedule' }}
+      if: inputs.codeql
       uses: github/codeql-action/init@v3
       with:
         languages: c-cpp