Setup repo for community maintenance #15
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| node-version: [22] | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Install pnpm | ||
| uses: pnpm/action-setup@v4 | ||
| - name: Use Node.js ${{ matrix.node-version }} | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: ${{ matrix.node-version }} | ||
| cache: 'pnpm' | ||
| - name: Install dependencies | ||
| run: pnpm install | ||
| - name: Check for linter errors | ||
| run: pnpm lint | ||
|
|
||
| test: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
To fix this issue, add the permissions key to the workflow file to explicitly set the minimum permissions required. Since neither the lint nor the build job needs to perform write operations (such as creating issues, pushing code, etc.), contents: read is a sufficient and secure default. Add this at the workflow root, after the name and before on, so it applies to all jobs. No other code or configuration changes are needed in this case.
| @@ -1,4 +1,6 @@ | ||
| name: CI | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: [push, pull_request] | ||
|
|
Sidnioulz
force-pushed
the
setup
branch
3 times, most recently
from
bf4f17d to
81eaa24
Compare
Signed-off-by: Steve Dodier-Lazaro <sidnioulz@gmail.com>
BREAKING CHANGE: This addon is now an ESM-only package, and requires Storybook 10 or newer. Signed-off-by: Steve Dodier-Lazaro <sidnioulz@gmail.com>
Signed-off-by: Steve Dodier-Lazaro <sidnioulz@gmail.com>
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| node-version: [22] | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Install pnpm | ||
| uses: pnpm/action-setup@v4 | ||
| - name: Use Node.js ${{ matrix.node-version }} | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: ${{ matrix.node-version }} | ||
| cache: 'pnpm' | ||
| - name: Install dependencies | ||
| run: pnpm install | ||
| - name: Run build | ||
| run: pnpm build |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
To fix this problem, set an explicit permissions block restricting what the GitHub Actions jobs can do via the GITHUB_TOKEN. Since the workflow only runs linting and build steps (with no deployment, PR, or issue manipulation), the minimal required permission is contents: read. We should add the following at the top level, just below the workflow name, so it applies to all jobs. No change to functionality will result from this alteration.
- File/region to change:
.github/workflows/continuous-integration.yml, directly below thename: CI(after line 1). - What is needed:
Add apermissionssection:No further imports, method, or definition changes are needed.permissions: contents: read
| @@ -1,4 +1,6 @@ | ||
| name: CI | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: [push, pull_request] | ||
|
|
📦 Published PR as canary version:
9.0.2--canary.15.3e3d0e9.0✨ Test out this PR locally via:
npm install @storybook/addon-queryparams@9.0.2--canary.15.3e3d0e9.0 # or yarn add @storybook/addon-queryparams@9.0.2--canary.15.3e3d0e9.0