run tests on every PR#59
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Run tests | ||
| run: npm test | ||
|
|
||
| - name: Run type check | ||
| run: npm run typecheck | ||
|
|
||
| - name: Run lint | ||
| run: npm run lint No newline at end of file |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium test
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 11 months ago
To fix the problem, you should add a permissions block to the workflow to restrict the permissions granted to the GITHUB_TOKEN. The best way to do this is to add the block at the root level of the workflow file, so it applies to all jobs unless overridden. For this workflow, the minimal required permission is contents: read, which allows the workflow to read repository contents but not modify them. This change should be made at the top of the .github/workflows/test.yml file, immediately after the name field and before the on field. No additional imports or definitions are needed.
| @@ -1,2 +1,4 @@ | ||
| name: Test | ||
| permissions: | ||
| contents: read | ||
|
|
3 participants
No description provided.