Skip to content

chore(ci): add base script for building and testing #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jul 17, 2025
Merged

chore(ci): add base script for building and testing #43

merged 7 commits into from
Jul 17, 2025

Conversation

rodet
Copy link
Contributor

@rodet rodet commented Jul 16, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 16, 2025
View reviewed changes
.github/workflows/buildTest.yml
Comment on lines +7 to +22
runs-on: ubuntu-latest
defaults:
run:
working-directory: .
steps:
- uses: actions/checkout@v4
- name: Read .nvmrc
run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc)
id: nvm
- name: Use Node.js ${{ steps.nvm.outputs.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
- run: npm ci
- run: npm run build
- run: npm run test

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 days ago

To fix the issue, we will add a permissions block at the root of the workflow file. This block will specify the least privileges required for the workflow to function correctly. Based on the provided workflow, it primarily involves checking out the repository, setting up Node.js, installing dependencies, building the project, and running tests. These tasks only require contents: read permissions, as no write operations are performed.

The permissions block will be added after the name field and before the on field in the workflow file.

Suggested changeset 1
.github/workflows/buildTest.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/buildTest.yml b/.github/workflows/buildTest.yml
--- a/.github/workflows/buildTest.yml
+++ b/.github/workflows/buildTest.yml
@@ -1,2 +1,4 @@
 name: Carbon React Router starter template CI
+permissions:
+  contents: read
 
EOF
@@ -1,2 +1,4 @@
name: Carbon React Router starter template CI
permissions:
contents: read

Copilot is powered by AI and may make mistakes. Always verify output.
Mikadv
Mikadv reviewed Jul 17, 2025
View reviewed changes
@rodet rodet requested a review from Mikadv July 17, 2025 11:29
@Mikadv Mikadv merged commit cad1456 into main Jul 17, 2025
5 checks passed
@Mikadv Mikadv deleted the ci-enablement branch July 17, 2025 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mikadv Mikadv Mikadv approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rodet @Mikadv