From 3cfdaa65620be4741003ede5beeafdc0ab599e6a Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Wed, 11 Dec 2024 17:54:25 -0300
Subject: [PATCH] [CONFIG] [Github Actions] codeql analysis standardization.
---
 .github/workflows/codeql.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d8cd500..f80bec4 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -34,13 +34,25 @@ on: # yamllint disable-line rule:truthy
 jobs:
 analyze:
- name: Analyze
+ name: Analyze (${{ matrix.language }})
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners (GitHub.com only)
+ # Consider using larger runners or machines with greater resources
+ # for possible analysis time improvements.
 runs-on: ${{ (matrix.language == 'swift' && 'macos-14') || 'ubuntu-24.04' }}
 permissions:
+ # required for all workflows
+ security-events: write
+
+ # required to fetch internal or private CodeQL packs
+ packages: read
+
+ # only required for workflows in private repositories
 actions: read
 contents: read
- security-events: write
 strategy:
 fail-fast: false
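Review bot: `packages: read` is a new GITHUB_TOKEN scope on the `analyze` job, and nothing in this hunk shows that the workflow fetches internal or private CodeQL packs, which is the only case its own comment says needs it. If the CodeQL init step (outside this hunk) configures no such packs, drop the line so the job token stays at least privilege, or keep it disabled as `# packages: read  # enable only when private CodeQL packs are configured`. The same check is worth making for `actions: read` and `contents: read`, which the added comment marks as needed only in private repositories. The `analyze` job continues past the end of the hunk, so the steps that would justify these scopes are not visible here.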