Updates the permissions block to be minimal

aeisenberg · aeisenberg · commit f3744744d5fc · 2021-08-09T11:41:49.000-07:00
And adds a permissions block to the README.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -17,8 +17,6 @@ jobs:
       versions: ${{ steps.compare.outputs.versions }}
 
     permissions:
-      actions: read
-      contents: read
       security-events: write
 
     steps:
@@ -68,8 +66,6 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     permissions:
-      actions: read
-      contents: read
       security-events: write
 
     steps:
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,7 @@
 
 ## [UNRELEASED]
 
-No user facing changes.
+- Update README to include a sample permissions block. [#689](https://github.com/github/codeql-action/pull/689)
 
 ## 1.0.10 - 03 Aug 2021
 
diff --git a/README.md b/README.md
@@ -42,6 +42,9 @@ jobs:
     # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
     runs-on: ubuntu-latest
 
+    permissions:
+      security-events: write
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
