From bf0e91db57e8fd319a7716824b18604f0a7f5224 Mon Sep 17 00:00:00 2001
From: Wu Qing <3184394176@qq.com>
Date: Mon, 1 Jun 2026 00:27:24 +0800
Subject: [PATCH] =?UTF-8?q?chore(ci):=20=E4=B8=BA=E5=B7=A5=E4=BD=9C?=
 =?UTF-8?q?=E6=B5=81=E5=A3=B0=E6=98=8E=E6=9C=80=E5=B0=8F=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=20(contents:=20read)=20(#96)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

修复 CodeQL actions/missing-workflow-permissions 告警：ci.yml 未显式声明
GITHUB_TOKEN 权限，默认可写。构建/测试仅需读取仓库内容，故收敛为 contents: read。
---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e8af6e8..3924233 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,10 @@ on:
   pull_request:
     branches: [main, master]
 
+# 最小权限：构建/测试仅需读取仓库内容，显式声明以收敛默认的可写令牌。
+permissions:
+  contents: read
+
 jobs:
   backend:
     name: Go Build & Test