From a13cb30e63ca8f0e008db214a4b24c1a4997f62d Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Fri, 26 Jan 2024 13:37:42 -0800
Subject: [PATCH] senzing-factory/build-resources#15 update go workflow
 permissions

---
 .github/workflows/go-proxy-pull.yaml       | 5 +++++
 .github/workflows/go-test-darwin.yaml      | 6 ++++++
 .github/workflows/go-test-linux.yaml       | 6 ++++++
 .github/workflows/go-test-windows.yaml     | 6 ++++++
 .github/workflows/gofmt.yaml               | 5 +++++
 .github/workflows/gosec.yaml               | 5 +++++
 .github/workflows/make-go-github-file.yaml | 6 +++++-
 .github/workflows/make-go-tag.yaml         | 6 +++++-
 8 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/go-proxy-pull.yaml b/.github/workflows/go-proxy-pull.yaml
index 4d882583..024223cc 100644
--- a/.github/workflows/go-proxy-pull.yaml
+++ b/.github/workflows/go-proxy-pull.yaml
@@ -5,10 +5,15 @@
 # - https://futurestud.io/tutorials/github-actions-run-a-workflow-when-creating-a-tag
 
 name: go-proxy-pull.yaml
+
 on:
   push:
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"
+
+permissions:
+  contents: write
+
 jobs:
   go-proxy-pull:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/go-test-darwin.yaml b/.github/workflows/go-test-darwin.yaml
index f8479697..6dd9ac79 100644
--- a/.github/workflows/go-test-darwin.yaml
+++ b/.github/workflows/go-test-darwin.yaml
@@ -2,11 +2,17 @@
 # - https://github.com/marketplace/actions/setup-go-environment
 
 name: go-test-darwin.yaml
+
 on: [push]
+
 env:
   DYLD_LIBRARY_PATH: /opt/senzing/g2/lib:/opt/senzing/g2/lib/macos
   LD_LIBRARY_PATH: /opt/senzing/g2/lib:/opt/senzing/g2/lib/macos
   SENZING_TOOLS_DATABASE_URL: "sqlite3://na:na@/tmp/sqlite/G2C.db"
+
+permissions:
+  contents: read
+
 jobs:
   go-test-darwin:
     runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/go-test-linux.yaml b/.github/workflows/go-test-linux.yaml
index ea2ef05e..2d5bc387 100644
--- a/.github/workflows/go-test-linux.yaml
+++ b/.github/workflows/go-test-linux.yaml
@@ -2,10 +2,16 @@
 # - https://github.com/marketplace/actions/setup-go-environment
 
 name: go-test-linux.yaml
+
 on: [push]
+
 env:
   LD_LIBRARY_PATH: /opt/senzing/g2/lib
   SENZING_TOOLS_DATABASE_URL: "sqlite3://na:na@/tmp/sqlite/G2C.db"
+
+permissions:
+  contents: read
+
 jobs:
   go-test-linux:
     runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/go-test-windows.yaml b/.github/workflows/go-test-windows.yaml
index f78538aa..fd7c0765 100644
--- a/.github/workflows/go-test-windows.yaml
+++ b/.github/workflows/go-test-windows.yaml
@@ -2,9 +2,15 @@
 # - https://github.com/marketplace/actions/setup-go-environment
 
 name: go-test-windows.yaml
+
 on: [push]
+
 env:
   SENZING_TOOLS_DATABASE_URL: 'sqlite3://na:na@nowhere/C:\Temp\sqlite\G2C.db'
+
+permissions:
+  contents: read
+
 jobs:
   go-test-windows:
     runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/gofmt.yaml b/.github/workflows/gofmt.yaml
index 6bf9fbe2..59ced20d 100644
--- a/.github/workflows/gofmt.yaml
+++ b/.github/workflows/gofmt.yaml
@@ -1,7 +1,12 @@
 name: gofmt.yaml
+
 on:
   pull_request:
     branches: [main]
+
+permissions:
+  contents: read
+
 jobs:
   gofmt:
     uses: senzing-factory/build-resources/.github/workflows/gofmt.yaml@main
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
index 42443d80..ee7679ba 100644
--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@@ -2,6 +2,7 @@
 # - https://github.com/securego/gosec
 
 name: gosec.yaml
+
 on:
   push:
     branches:
@@ -9,6 +10,10 @@ on:
   pull_request:
     branches:
       - main
+
+permissions:
+  contents: read
+
 jobs:
   gosec:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/make-go-github-file.yaml b/.github/workflows/make-go-github-file.yaml
index 7ba655bd..93e0674d 100644
--- a/.github/workflows/make-go-github-file.yaml
+++ b/.github/workflows/make-go-github-file.yaml
@@ -1,9 +1,13 @@
 name: make-go-github-file.yaml
+
 on:
   push:
     tags:
       - "[0-9]+.[0-9]+.[0-9]+"
-permissions: write-all
+
+permissions:
+  contents: write
+
 jobs:
   make-go-github-file:
     uses: senzing-factory/build-resources/.github/workflows/make-go-github-file.yaml@main
diff --git a/.github/workflows/make-go-tag.yaml b/.github/workflows/make-go-tag.yaml
index ad7670fa..fa51bae5 100644
--- a/.github/workflows/make-go-tag.yaml
+++ b/.github/workflows/make-go-tag.yaml
@@ -1,9 +1,13 @@
 name: make-go-tag.yaml
+
 on:
   push:
     tags:
       - "[0-9]+.[0-9]+.[0-9]+"
-permissions: write-all
+
+permissions:
+  contents: write
+
 jobs:
   make-go-tag:
     name: Make a vM.m.P tag