修改了 `.github/workflows/go-tag-release.yml` 文件,为工作流增加了默认的 `contents: read` 权限,并细化了标签发布时的权限设置,使其仅对内容具有写权限。
@@ -1,4 +1,6 @@
name: Check And Publish Golang Project
+permissions:
+ contents: read
on:
push:
@@ -170,7 +172,8 @@ jobs:
- build-ubuntu
- build-windows
if: startsWith(github.ref, 'refs/tags/')
- permissions: write-all
+ permissions:
+ contents: write
steps:
- name: Checkout code
