chore(ci): 为工作流声明最小权限 (contents: read)

修复 CodeQL actions/missing-workflow-permissions 告警：ci.yml 未显式声明 GITHUB_TOKEN 权限，默认可写。构建/测试仅需读取仓库内容，故收敛为 contents: read。
2026-06-21 17:43:40 +08:00 · 2026-06-01 00:23:23 +08:00
parent 37092f3167
commit 9fb90e8829
1 changed files with 4 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,10 @@ on:
  pull_request:
    branches: [main, master]

+# 最小权限：构建/测试仅需读取仓库内容，显式声明以收敛默认的可写令牌。
+permissions:
+  contents: read
+
 jobs:
  backend:
    name: Go Build & Test