.github: set permissions contents to read

If a GitHub Actions job or workflow has no explicit permissions set, then the repository permissions are used. Repositories created under organizations inherit the organization permissions. The organizations or repositories created before February 2023 have the default permissions set to read-write. Often these permissions do not adhere to the principle of least privilege and can be reduced to read-only, leaving the write permission only to a specific types as "issues: write" or "pull-requests: write".
author: Shulhan <ms@kilabit.info> 2026-02-15 12:53:54 +0700
committer: Shulhan <ms@kilabit.info> 2026-02-15 12:53:54 +0700
commit: 3f780768650cf8a55d2f7310f09c7a936cf0ae16 (patch)
tree: e17106144328b706f45f4fdc8887791a904f48dd
parent: 1844b9e48d0f5f7f3e9c8de026181d04d74c92ab (diff)
download: pakakeh.go-3f780768650cf8a55d2f7310f09c7a936cf0ae16.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index a5ac4f4e..d4e64ca1 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -1,8 +1,9 @@
-# SPDX-FileCopyrightText: 2019 M. Shulhan <ms@kilabit.info>
-#
 # SPDX-License-Identifier: BSD-3-Clause
+# SPDX-FileCopyrightText: 2019 M. Shulhan <ms@kilabit.info>
 
 name: Go1.25.0
+permissions:
+  contents: read
 on: [push]
 jobs:
   build:
author	Shulhan <ms@kilabit.info>	2026-02-15 12:53:54 +0700
committer	Shulhan <ms@kilabit.info>	2026-02-15 12:53:54 +0700
commit	3f780768650cf8a55d2f7310f09c7a936cf0ae16 (patch)
tree	e17106144328b706f45f4fdc8887791a904f48dd
parent	1844b9e48d0f5f7f3e9c8de026181d04d74c92ab (diff)
download	pakakeh.go-3f780768650cf8a55d2f7310f09c7a936cf0ae16.tar.xz