feat: improve typescript
…ralizing to other configurations
Feat/add coverage
…nseeFr/Pearl-Jam into feat-individual-phone-tracking
Feat/migrate typescript
fix test fix fix fix fix fix disable test wait fix fix fix fix fix fix fix fix fix fix fix fix fix feat: add unit test fix fix fix fix fix fix fix fix fix fix fix fix fix fix fix fix fix fix fix fix feat: test
Feat/docker manu
* fix: transmissions * fix : updated tests * fix: update callback dep * fix: simplified code for useIdentificationQuestion.ts
fix: remove typescript errors
* feat: migration to Orval + compose/ci/playwright update --------- Co-authored-by: Pierre-Raphaël Wozny <pierre-raphael.wozny@insee.fr>
* fix: house tel identification update * fix: stubing role env var * fix: typo
* fix: version bump
* feat: collect history
| timeout-minutes: 60 | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Pearl | ||
| uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: lts/* | ||
| - name: Run Docker Compose | ||
| run: | | ||
| docker compose --env-file ./.env.docker --profile playwright up -d | ||
| yarn | ||
| npx playwright install --with-deps chromium | ||
| npx playwright test | ||
| - uses: actions/upload-artifact@v4 | ||
| if: ${{ !cancelled() }} | ||
| with: | ||
| name: playwright-report | ||
| path: playwright-report/ | ||
| retention-days: 7 |
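Review bot: the bare `yarn` in the `Run Docker Compose` step installs without `--frozen-lockfile`, so this job does not fail when the lockfile is out of sync with package.json; use `yarn --frozen-lockfile`, as the other workflow in this PR already does. The same `run` block also chains `docker compose ... up -d`, the install and `npx playwright test`, so splitting it into separate named steps would make it clear in the job log which stage failed.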
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 9 months ago
The solution is to add a permissions block that restricts the GITHUB_TOKEN permissions to the least privileges required. In this case, as the workflow checks out code but does not need to write to the repository, the minimal permissions contents: read is sufficient. The permissions block can be added either at the root of the workflow or within the specific job. Since there's a single job, placing it at the job level is fine, but placing it at the root level ensures expansion to future jobs. The recommended best practice is to add it at the root, right below the workflow name/on trigger, so it applies globally to all jobs that do not specify their own permissions.
Edit .github/workflows/playwright.yml by inserting the following block after the name (and before on:):
permissions:
  contents: read

No changes to imports or functionality are needed—just the addition of this YAML block.
| @@ -1,4 +1,6 @@ | ||
| name: Playwright Tests | ||
| permissions: | ||
| contents: read | ||
| on: | ||
| pull_request: | ||
| branches: |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/setup-node@v4 | ||
| - run: yarn --frozen-lockfile | ||
| build: |
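Review bot: `actions/setup-node@v4` in this job has no `with: node-version`, so the job runs on whatever Node the runner image has on its PATH; set an explicit version here, as the Playwright workflow does with `node-version`, so the build does not change when the runner image does.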
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 9 months ago
To fix the problem, we should add an explicit permissions key to the workflow so that jobs only get minimal permissions (typically contents: read), unless more is required. Since neither job appears to require write permissions (they only set up dependencies, build, and run SonarCloud scanning), the safest approach is to add a permissions block at the root level (so both jobs inherit it) and assign at least contents: read. If further permissions are needed for SonarCloud, those can be added later (but generally, contents: read is sufficient for most CI jobs that only need to fetch code and report status).
Add the following at the top level, just under the workflow name (before or after on:), as per GitHub Actions YAML syntax. No imports or new dependencies are needed. The fix requires only an added block to the YAML file.
| @@ -1,4 +1,6 @@ | ||
| name: Sonar | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| push: |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| - run: yarn | ||
| - run: yarn test --coverage | ||
| - name: SonarCloud Scan | ||
| uses: sonarsource/sonarcloud-github-action@master | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| SONAR_TOKEN: ${{ secrets. SONAR_TOKEN }} |
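Review bot: `sonarsource/sonarcloud-github-action@master` in the `SonarCloud Scan` step tracks a mutable branch while the step passes it both `GITHUB_TOKEN` and `SONAR_TOKEN`; pin the action to a release tag or, better, a full commit SHA so that an upstream change cannot alter what runs with those secrets. The `- run: yarn` line above it also installs without `--frozen-lockfile`, unlike the first job in this workflow.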
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
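The condition behind the three "Workflow does not contain permissions" alerts above can be checked locally before pushing. The following is an added example, not code from this PR and not CodeQL's implementation: the function name `jobs_without_permissions` and the job name `test` are assumptions, and the sample workflows are constructed to resemble the ones in the PR.

```python
import re

KEY = re.compile(r"\s*([\w-]+)\s*:")

def jobs_without_permissions(text):
    """Names of jobs left on the default GITHUB_TOKEN permissions.

    A root-level `permissions:` key covers every job; otherwise each job
    needs its own. Assumes block-style YAML with consistent indentation.
    """
    in_jobs, job_indent, key_indent, current = False, None, None, None
    jobs = {}  # job name -> declares its own permissions
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        m = KEY.match(line)
        if indent == 0:
            if line.startswith("permissions:"):
                return []              # root-level block applies to all jobs
            in_jobs, current = line.startswith("jobs:"), None
            continue
        if not in_jobs or m is None:
            continue
        if job_indent is None:
            job_indent = indent        # first key under `jobs:` is a job name
        if indent == job_indent:
            current, key_indent = m.group(1), None
            jobs[current] = False
        elif current is not None:
            if key_indent is None:
                key_indent = indent    # first key inside the job
            if indent == key_indent and m.group(1) == "permissions":
                jobs[current] = True
    return [name for name, ok in jobs.items() if not ok]

# Constructed samples: workflow before the fix, after the root-level fix,
# and a variant where only the second job sets job-level permissions.
BEFORE = ("name: Playwright Tests\non:\n  pull_request:\njobs:\n"
          "  test:\n    runs-on: ubuntu-latest\n    steps:\n"
          "      - uses: actions/checkout@v4\n")
AFTER = BEFORE.replace("on:\n", "permissions:\n  contents: read\non:\n", 1)
PER_JOB = BEFORE + ("  build:\n    permissions:\n      contents: read\n"
                    "    runs-on: ubuntu-latest\n")

if __name__ == "__main__":
    for label, wf in (("before", BEFORE), ("after", AFTER), ("per-job", PER_JOB)):
        print(label, jobs_without_permissions(wf))
```

The per-job sample shows why the root-level placement is the safer default: a job added later without its own block is flagged again.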
* feat: multiple interrogations queen endpoint * feat: queen state data
No description provided.