From d2f2335c5f418370aac1557464bc610a252977bb Mon Sep 17 00:00:00 2001
From: Shigeo Hashimoto <sg0hsmt@gmail.com>
Date: Sat, 31 Jul 2021 21:13:44 +0900
Subject: [PATCH 1/2] Add permissions settings to action test

---
 .github/workflows/test.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 72e368e620..d37e021885 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -28,6 +28,9 @@ jobs:
           - "v1.37"
           - "v1.37.1"
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+      pull-requests: read
     steps:
       - uses: actions/checkout@v2
       - uses: ./
@@ -44,6 +47,8 @@ jobs:
           - macos-latest
           - windows-latest
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@v2
       - uses: ./

From 0d84784fbaa5956e7c2dd2004c0deff52e188b43 Mon Sep 17 00:00:00 2001
From: Shigeo Hashimoto <sg0hsmt@gmail.com>
Date: Sat, 31 Jul 2021 21:14:08 +0900
Subject: [PATCH 2/2] Add permissions settings to example config

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 1e781a37cb..273e59a322 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,10 @@ on:
       - master
       - main
   pull_request:
+permissions:
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  # pull-requests: read
 jobs:
   golangci:
     name: lint
@@ -75,6 +79,10 @@ on:
       - master
       - main
   pull_request:
+permissions:
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  # pull-requests: read
 jobs:
   golangci:
     strategy: