Closed
Commits
194 commits
869b93c
✨ Edit added models' max_tokens
Bavichi Aug 22, 2025
55bb057
✨ Edit added models' max_tokens
Bavichi Aug 22, 2025
89ec23e
Merge remote-tracking branch 'origin/develop' into bwq/0813_model_con…
Bavichi Aug 22, 2025
7cadf50
✨ Edit added models' max_tokens
Bavichi Aug 22, 2025
18c89d3
✨ Edit added models' max_tokens
Bavichi Aug 22, 2025
123c00f
test fixes
Bavichi Aug 22, 2025
06b02f7
test fixes
Bavichi Aug 22, 2025
e5b1917
test fixes
Bavichi Aug 25, 2025
ac874a7
Merge remote-tracking branch 'origin/develop' into bwq/0813_model_con…
Bavichi Aug 25, 2025
ed650ad
Merge remote-tracking branch 'origin/develop' into bwq/0813_model_con…
Bavichi Aug 26, 2025
67f2177
bug fix
Bavichi Aug 27, 2025
6c286b6
bug fix
Bavichi Aug 27, 2025
04b6859
♻️ Clean up unused code in attachment_utils
Summer-Si Aug 27, 2025
7d3a466
♻️ Clean up redundant get_supabase_client()
Summer-Si Aug 27, 2025
1fca9e2
♻️ Add an exception handling framework.
Aug 28, 2025
27909b4
🐛 Bug fix: deploy supabase failed on older docker-compose version
Jasonxia007 Aug 28, 2025
cc76fec
♻️ Add an exception handling framework.
Aug 28, 2025
fd50e89
🐛 fix docker source and remove workflow
Phinease Aug 28, 2025
1451d79
♻️ Add an exception handling framework.
Aug 28, 2025
a53ad81
♻️ Refactor: cleanup and format the translation file
Jasonxia007 Aug 28, 2025
7187620
♻️ Add an exception handling framework.
Aug 28, 2025
6a44d95
♻️ Add an exception handling framework.
Aug 28, 2025
1bbb1f7
♻️ Add an exception handling framework.
Aug 28, 2025
344fc23
♻️ Add an exception handling framework.
Phinease Aug 28, 2025
3c89e5a
♻️ cleanup and format the translation file
Phinease Aug 28, 2025
4b57107
query_all_tools♻️ Backend code cleanup and import organization (apps/…
WMC001 Aug 27, 2025
acedf33
♻️ Backend code cleanup and import organization (data_process/) #1037
WMC001 Aug 27, 2025
bdcdbb7
♻️ Backend code cleanup and import organization (database/) #1037
WMC001 Aug 28, 2025
8194d07
Merge remote-tracking branch 'origin/develop' into bwq/0813_model_con…
Bavichi Aug 29, 2025
e832ca4
♻️ Backend code cleanup and import order (Part1: apps/, consts/, data…
Phinease Aug 29, 2025
2aa4073
🔨 improve the CICD process.
Aug 29, 2025
ab76044
bug fix
Bavichi Aug 29, 2025
0887e45
🔨 improve the CICD process.
Aug 29, 2025
cc212d9
Merge remote-tracking branch 'origin/develop' into bwq/0813_model_con…
Bavichi Aug 29, 2025
6ae6067
🔨 improve the CICD process.
Phinease Aug 29, 2025
e9c9372
🔨 Delete the beta build process.
Aug 29, 2025
51a39a8
🐛 Bug Fix: rebuild to fix-up some missing translations
Jasonxia007 Aug 29, 2025
4a73db7
🔨 Delete the beta build process.
Phinease Aug 29, 2025
a8dbd60
🐛 rebuild to fix-up some missing translations
Phinease Aug 29, 2025
e32b3ab
♻️ Add conda initialization and optimize image building network conne…
WMC001 Aug 29, 2025
a32c6bd
♻️ Clean up redundant and useless code
Summer-Si Aug 29, 2025
595e39e
🐛 use translate key when embedding model mismatched
Phinease Aug 29, 2025
6524819
♻️ Clean up redundant and useless code
Summer-Si Aug 29, 2025
4ee398f
♻️ Add conda initialization and optimize image building network conne…
Phinease Aug 29, 2025
68dbf4f
🔨 improve the CICD process.
Aug 29, 2025
0c443e7
🔨 improve the CICD process.
Aug 29, 2025
a16dc76
🔨 improve the CICD process.
Aug 29, 2025
e8d7727
Merge: resolve conflicts and finalize integration
Summer-Si Aug 29, 2025
f01c436
🔨 improve the CICD process.
Aug 29, 2025
4a16d60
🔨 improve the CICD process.
Phinease Aug 29, 2025
a6cb436
♻️ Bugfix: Terminal tool cannot read the key files #1077
WMC001 Aug 30, 2025
fb0bd9e
♻️ fix test
Summer-Si Aug 30, 2025
048b514
♻️ fix hardcode invite code
Summer-Si Aug 30, 2025
4820e5a
🐛 Resolve the /indices?include_stats=true interface error. #1080
Aug 30, 2025
ce63601
🐛 Resolve the /indices?include_stats=true interface error. #1080
Aug 30, 2025
bb42546
🐛 Resolve the /indices?include_stats=true interface error. #1080
Aug 30, 2025
5053237
♻️ fix pytest
Summer-Si Aug 30, 2025
1dc3143
Merge pull request #1081 from ModelEngine-Group/jpl/jpl_0829
porkpink Aug 30, 2025
2b9954a
♻️ fix pytest
Summer-Si Aug 30, 2025
75fa23e
🐛 Bugfix: Terminal tool cannot read the key files #1077
liutao12138 Aug 30, 2025
b194056
♻️ fix invite_code Variable redundancy
Summer-Si Aug 30, 2025
f5a6971
🐛 mismatch the pattern of ````\n{{content}}\n```
ljy65535 Aug 30, 2025
064acaa
🧪 add test case
ljy65535 Aug 30, 2025
d87397e
♻️ refactor prompt_app.py & prompt_service.py, remove prompt/fine_tune
ljy65535 Sep 1, 2025
aa463c8
♻️ fix indent
ljy65535 Sep 1, 2025
f7e024d
📝 delete explanation of prompt_fine_tune.yaml
ljy65535 Sep 1, 2025
02ac503
📝 delete explanation of prompt_fine_tune.yaml
ljy65535 Sep 1, 2025
3691545
♻️ Refactor: Frontend code clean (/app/chat) #1037
WMC001 Sep 1, 2025
01ad8c5
♻️ English log
Summer-Si Sep 1, 2025
bf28872
🐛 delete redundant code
ljy65535 Sep 1, 2025
a74ace1
♻️ Refactor: Frontend code clean console.log (/app/chat) #1037
WMC001 Sep 1, 2025
4e7f556
✨ Edit added models' max_tokens
Phinease Sep 1, 2025
1c5a76a
🐛 move get_current_user_info from service to app
ljy65535 Sep 1, 2025
f50b6f9
🧪 fix test_core_agent.py
ljy65535 Sep 1, 2025
d976aee
♻️ add test
Summer-Si Sep 1, 2025
6c16754
Merge branch 'develop' into smm/refactor_utils
Summer-Si Sep 1, 2025
667af22
🐛 use HTTPStatus
ljy65535 Sep 1, 2025
50d6496
♻️ add test
Summer-Si Sep 1, 2025
25e5358
Merge remote-tracking branch 'origin/smm/refactor_utils' into smm/ref…
Summer-Si Sep 1, 2025
ddfc380
🐛 Fixed the issue of "when getting models in batches, I hope to autom…
Bavichi Sep 1, 2025
6b1a0da
♻️ refactor mcp app/service/db/test
ljy65535 Sep 1, 2025
f8cd64c
♻️ Backend Utils module refactoring
liutao12138 Sep 2, 2025
9b44cf7
🧪 modify test_agent_service.py & test_remote_mcp_app.py
ljy65535 Sep 2, 2025
d68ae66
Merge remote-tracking branch 'origin/develop' into ljy/dev_refactor_0…
ljy65535 Sep 2, 2025
e6ca4b4
🧪 modify test_agent_service.py & test_remote_mcp_app.py
ljy65535 Sep 2, 2025
012224f
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
cd4d48a
🧪 modify test_remote_mcp_app.py
ljy65535 Sep 2, 2025
28b1cd1
🧪 modify test_remote_mcp_app.py
ljy65535 Sep 2, 2025
1a120e1
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
3b6e59b
🧪 modify test_remote_mcp_app.py
ljy65535 Sep 2, 2025
c98e5c7
Merge pull request #1095 from ModelEngine-Group/wmc/bugfix_0807
Phinease Sep 2, 2025
3dd02b7
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
6a57025
🐛 mismatch the pattern of ````\n{{content}}\n```
liutao12138 Sep 2, 2025
41b7b47
♻️ Refactor: Frontend code clean console.log (/app/setup/agentSetup) …
WMC001 Sep 2, 2025
3b325f0
🧪 modify test_remote_mcp_app.py
ljy65535 Sep 2, 2025
b4f67fb
♻️ refactor prompt_app.py & prompt_service.py, remove prompt/fine_tune
liutao12138 Sep 2, 2025
e1ea087
🧪 modify test_remote_mcp_app.py
ljy65535 Sep 2, 2025
28a5195
♻️ Reconstruct the app layer and service layer to comply with the MVC…
liutao12138 Sep 2, 2025
eaf82c8
♻️ add to menu bar
Summer-Si Sep 2, 2025
9e4eec1
♻️ Improvement: now taskWindow shows 'memory retrieving' message
Jasonxia007 Sep 2, 2025
8e789d0
🐛 fix logger name
ljy65535 Sep 2, 2025
c4613af
Revise prompt to use proper language
SimengBian Sep 2, 2025
7ceb2f0
✨ record embed model in PG
ljy65535 Sep 2, 2025
d57b15c
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
8dea292
🧪 add test file: test_knowledge_db.py
ljy65535 Sep 2, 2025
05016a3
🐛 Improved logic for single join model modification #1083
Bavichi Sep 2, 2025
b3ca528
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
48325e7
🐛 replace model_name to embedding_model_name
ljy65535 Sep 2, 2025
911a4ab
🐛 replace model_name to embedding_model_name
ljy65535 Sep 2, 2025
4c9e05e
🐛 replace model_name to embedding_model_name
ljy65535 Sep 2, 2025
daa6007
🐛 replace model_name to embedding_model_name
ljy65535 Sep 2, 2025
6e56200
♻️ Refactor: Frontend code clean (/components) #1037
WMC001 Sep 2, 2025
7c9bca7
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
2a3ef0b
🧪 modify test_tenant_config_app.py & test_knowledge_db.py
ljy65535 Sep 2, 2025
e248731
🧪 modify test_tenant_config_app.py
ljy65535 Sep 2, 2025
72874d5
🧪 Update test file test_create_agent_info.py
Jasonxia007 Sep 2, 2025
55cc9c0
🧪 modify test_tenant_config_app.py
ljy65535 Sep 2, 2025
0b2578a
🐛 Improved logic for single join model modification #1083
Bavichi Sep 2, 2025
8fd4476
♻️ refactor mcp app/service/db/test
liutao12138 Sep 2, 2025
a46ca06
🐛 Improved logic for single join model modification #1083
Bavichi Sep 2, 2025
00b0bc7
🧪 modify test_elasticsearch_service.py
ljy65535 Sep 2, 2025
e76d35e
♻️ Refactor: Frontend code clean (/app/setup/agentSetup) #1037
liutao12138 Sep 2, 2025
8ee893c
📝 Memory doc update
liutao12138 Sep 2, 2025
7369e26
✨ record embedding model used by each knowledge base in PG
liutao12138 Sep 2, 2025
9131057
♻️ Refactor: Frontend code clean (/components) #1037
liutao12138 Sep 2, 2025
8fb99fb
Resolve conflicts
SimengBian Sep 2, 2025
5f288d8
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
9ae672d
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
7415dc3
🐛 Improved logic for single join model modification #1083
Bavichi Sep 2, 2025
7b9e9b2
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
d36e8f9
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 2, 2025
3e6caae
🐛 Revise prompt to use proper language
liutao12138 Sep 2, 2025
b956ec8
Merge remote-tracking branch 'origin/develop' into bwq/0902_edit_model
Bavichi Sep 3, 2025
3fb5d60
Merge branch 'develop' into xyc/memory_enhancement
Jasonxia007 Sep 3, 2025
c152d29
♻️ Improvement: now taskWindow shows 'memory retrieving' message
Jasonxia007 Sep 3, 2025
4559187
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
8c673cd
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
5db925f
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
37e732a
🐛 Improved logic for single join model modification #1083
Bavichi Sep 3, 2025
8afe086
Merge remote-tracking branch 'origin/develop' into bwq/0902_edit_model
Bavichi Sep 3, 2025
2bd7dcc
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
de5c73b
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
57bcc65
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
71bf5b9
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
26c4cfd
♻️ refactor mcp app/service/db/test case
ljy65535 Sep 3, 2025
333942e
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
783491d
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
8e67dce
♻️ refactor mcp app/service/db/test case
ljy65535 Sep 3, 2025
61c00c3
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
d8a5268
♻️ refactor mcp app/service/db/test case
ljy65535 Sep 3, 2025
380381c
🐛 Improved logic for single join model modification #1083
Bavichi Sep 3, 2025
1e43188
♻️ Reconstruct the app layer and service layer to comply with the MVC…
Sep 3, 2025
924f619
♻️ Refactor: Sort frontend imports (app/chat, app/setup/agentSetup, /…
WMC001 Sep 3, 2025
e87a281
♻️ Refactor: Sort frontend imports #1037
WMC001 Sep 3, 2025
f906f13
🐛 Fixed ray startup failure.
Sep 3, 2025
101a6d9
🐛 Fixed ray startup failure.
Sep 3, 2025
29b8b58
♻️ Sort frontend imports #1037
Phinease Sep 3, 2025
a092793
♻️ refactor tool app/service/db/test case
ljy65535 Sep 3, 2025
b67341a
♻️ Refactor the conversation_management_app&conversation_management_s…
Phinease Sep 3, 2025
a00d8b4
Merge remote-tracking branch 'origin/develop' into bwq/0902_edit_model
Bavichi Sep 3, 2025
05ced3b
♻️ refactor mcp app/service/db/test case
Phinease Sep 3, 2025
8c8aaf2
🧪 modify test_tool_config_app.py
ljy65535 Sep 3, 2025
cbb992c
🐛 Fixed ray startup failure.
Phinease Sep 3, 2025
37e848d
🧪 add test case in test_tool_db.py
ljy65535 Sep 3, 2025
0e76146
🐛 Improved logic for single join model modification #1083
Bavichi Sep 3, 2025
ce4ef02
♻️ refactor tool app/service/db/test case
Phinease Sep 3, 2025
574c09c
🐛 Bugfix: Do not display the terminal tool when this tool is not sele…
WMC001 Sep 3, 2025
5ffb109
🐛 Bug fix: optimize the display of agent call relationships
Mermaid97 Sep 4, 2025
44ecf43
🐛 Bug fix: optimize the display of agent call relationships, optimization points 2 and 3
Mermaid97 Sep 4, 2025
0d5c647
♻️ Refactor the file_management.
Sep 4, 2025
2913995
♻️ Refactor the file_management.
Sep 4, 2025
17a65e9
♻️ Refactor the file_management.
Sep 4, 2025
1802400
🐛 Improved logic for single join model modification #1083
Phinease Sep 4, 2025
b511115
♻️ Refactor: Sort backend imports #1037
WMC001 Sep 4, 2025
8549913
♻️ Refactor the file_management.
Sep 4, 2025
6d4188f
Merge remote-tracking branch 'origin/develop' into bwq/0901_model_ref…
Bavichi Sep 4, 2025
799598b
🐛 Bug fix: move all functions under the current agent configuration into agentConfig.ts and improve coding style
Mermaid97 Sep 4, 2025
daee917
🐛 Improved logic for single join model modification #1083
Bavichi Sep 4, 2025
3cff5ab
🔨 Add docker automatic pull
Phinease Sep 4, 2025
63873d9
🔨 Add docker automatic pull
Phinease Sep 4, 2025
cc9ae78
🐛 Fixed the issue of "when getting models in batches, I hope to autom…
Phinease Sep 4, 2025
2139e23
♻️ Refactor the file_management.
Phinease Sep 4, 2025
a7f8e85
🐛 Bug fix: move all functions under the current agent configuration into agentConfig.ts and improve coding style
Mermaid97 Sep 4, 2025
3da4346
🐛 fix When deploying, the mirror sources of db, kong, and auth in mai…
Sep 4, 2025
3f9585c
🐛 fix When deploying, the mirror sources of db, kong, and auth in mai…
Sep 4, 2025
3dbbb47
🐛 Bug fix: move all functions under the current agent configuration into agentConfig.ts and improve coding style
Mermaid97 Sep 4, 2025
3e2b600
🐛 fix When deploying, the mirror sources of db, kong, and auth in mai…
Sep 4, 2025
b2b2400
🐛 fix When deploying, the mirror sources of db, kong, and auth in mai…
Sep 4, 2025
d515fb0
♻️ Refactor: Sort backend imports (unit test) #1037
WMC001 Sep 4, 2025
060609c
🔨 improve the CICD process.
Sep 4, 2025
e5b475a
🐛 fix When deploying, the mirror sources of db, kong, and auth in mai…
Phinease Sep 4, 2025
f151d38
🔨 improve the CICD process.
Phinease Sep 4, 2025
18cc4d6
🐛 Improve agent invocation relationship visualization
Phinease Sep 4, 2025
0b27fe2
♻️ Sort backend imports #1037
Phinease Sep 4, 2025
193 changes: 0 additions & 193 deletions .gitcode/workflows/docker-build-push-mainland.yml

This file was deleted.

53 changes: 53 additions & 0 deletions .github/workflows/auto-build-data-process-dev.yml
@@ -0,0 +1,53 @@
name: Docker Build Data-Process Images

concurrency:
group: docker-build-data-process-dev-${{ github.ref }}
cancel-in-progress: true

on:
workflow_dispatch:
pull_request:
branches: [develop]
paths:
- 'backend/**'
- 'sdk/**'
- 'make/data_process/**'
- '.github/workflows/**'
push:
branches: [develop]
paths:
- 'backend/**'
- 'sdk/**'
- 'make/data_process/**'
- '.github/workflows/**'

jobs:
build-data-process-amd64:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Clone model
run: |
GIT_LFS_SKIP_SMUDGE=1 git clone https://huggingface.co/Nexent-AI/model-assets
cd ./model-assets
GIT_TRACE=1 GIT_CURL_VERBOSE=1 GIT_LFS_LOG=debug git lfs pull
rm -rf .git .gitattributes
- name: Build data process image (amd64) and load locally
run: |
docker build --platform linux/amd64 -t nexent/nexent-data-process:dev-amd64 -f make/data_process/Dockerfile .

build-data-process-arm64:
Comment on lines +26 to +40

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To fix this problem, we need to explicitly add a permissions: block specifying the least privilege required for the workflow jobs. Since both jobs only check out code and build Docker images, they do not require any special permissions—only the ability to read repository contents at most, so contents: read is enough. This block can be added at the workflow (top-level) right after the name: and before concurrency:, which will apply it to all jobs in the workflow. No other changes are required, and it will not affect any functionality of existing jobs.


Suggested changeset 1
.github/workflows/auto-build-data-process-dev.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/auto-build-data-process-dev.yml b/.github/workflows/auto-build-data-process-dev.yml
--- a/.github/workflows/auto-build-data-process-dev.yml
+++ b/.github/workflows/auto-build-data-process-dev.yml
@@ -1,4 +1,6 @@
 name: Docker Build Data-Process Images
+permissions:
+  contents: read
 
 concurrency:
   group: docker-build-data-process-dev-${{ github.ref }}
EOF
@@ -1,4 +1,6 @@
name: Docker Build Data-Process Images
permissions:
contents: read

concurrency:
group: docker-build-data-process-dev-${{ github.ref }}
Copilot is powered by AI and may make mistakes. Always verify output.
runs-on: ubuntu-24.04-arm
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Clone model
run: |
GIT_LFS_SKIP_SMUDGE=1 git clone https://huggingface.co/Nexent-AI/model-assets
cd ./model-assets
GIT_TRACE=1 GIT_CURL_VERBOSE=1 GIT_LFS_LOG=debug git lfs pull
rm -rf .git .gitattributes
- name: Build data process image (arm64) and load locally
run: |
docker build --platform linux/arm64 -t nexent/nexent-data-process:dev-arm64 -f make/data_process/Dockerfile .
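Review bot: the `Clone model` step in both jobs clones `https://huggingface.co/Nexent-AI/model-assets` at whatever its default branch currently points to, so the assets placed in the build context can change between runs with no change in this repository. Pin the clone to a fixed revision (check out a specific commit after the clone, before `git lfs pull`) so the build is reproducible and an upstream asset change shows up as a diff here. The `GIT_TRACE=1 GIT_CURL_VERBOSE=1 GIT_LFS_LOG=debug` prefix looks like leftover debugging; consider dropping it so request-level detail is not written to the job log on every run.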
Comment on lines +41 to +53

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To address this issue, we should explicitly set the minimum required permissions for the workflow. This can be done by adding a permissions block at the top level of the workflow YAML, before the jobs: key. The least privilege required for the steps shown (checking out code, cloning models, building Docker images) is read-only access to the repository contents. Therefore, set:

permissions:
  contents: read

No other permissions (write, etc.) are required here, so do not add them. Place the permissions: block after the name: and before concurrency: for clarity and conventional ordering.


Suggested changeset 1
.github/workflows/auto-build-data-process-dev.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/auto-build-data-process-dev.yml b/.github/workflows/auto-build-data-process-dev.yml
--- a/.github/workflows/auto-build-data-process-dev.yml
+++ b/.github/workflows/auto-build-data-process-dev.yml
@@ -1,5 +1,8 @@
 name: Docker Build Data-Process Images
 
+permissions:
+  contents: read
+
 concurrency:
   group: docker-build-data-process-dev-${{ github.ref }}
   cancel-in-progress: true
EOF
@@ -1,5 +1,8 @@
name: Docker Build Data-Process Images

permissions:
contents: read

concurrency:
group: docker-build-data-process-dev-${{ github.ref }}
cancel-in-progress: true
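Review bot: this patch and the one proposed for lines +26 to +40 both insert `permissions:` after `name:` in the same file, with different context (`@@ -1,5 +1,8 @@` here, `@@ -1,4 +1,6 @@` there). Apply only one of them; once either is applied, the other's context lines no longer match. A single workflow-level block already covers both jobs, so one patch resolves both alerts.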
41 changes: 41 additions & 0 deletions .github/workflows/auto-build-main-dev.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: Docker Build Main Images

concurrency:
group: docker-build-main-dev-${{ github.ref }}
cancel-in-progress: true

on:
workflow_dispatch:
pull_request:
branches: [develop]
paths:
- 'backend/**'
- 'sdk/**'
- 'make/main/**'
- '.github/workflows/**'
push:
branches: [develop]
paths:
- 'backend/**'
- 'sdk/**'
- 'make/main/**'
- '.github/workflows/**'

jobs:
build-main-amd64:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build main image (amd64) and load locally
run: |
docker build --platform linux/amd64 -t nexent/nexent:dev-amd64 -f make/main/Dockerfile .

build-main-arm64:
Comment on lines +26 to +34

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To fix this issue, you should add a permissions block to restrict GITHUB_TOKEN permissions. The best way is to add it at the workflow root level (near the top, after name: and before concurrency: or on:), so it applies to all jobs by default. For this Docker build workflow, only minimal permissions are needed for checking out code and building images; contents: read is enough. No additional methods, imports, or definitions are required—simply add the permissions configuration.

Suggested changeset 1
.github/workflows/auto-build-main-dev.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/auto-build-main-dev.yml b/.github/workflows/auto-build-main-dev.yml
--- a/.github/workflows/auto-build-main-dev.yml
+++ b/.github/workflows/auto-build-main-dev.yml
@@ -1,4 +1,6 @@
 name: Docker Build Main Images
+permissions:
+  contents: read
 
 concurrency:
   group: docker-build-main-dev-${{ github.ref }}
EOF
@@ -1,4 +1,6 @@
name: Docker Build Main Images
permissions:
contents: read

concurrency:
group: docker-build-main-dev-${{ github.ref }}
runs-on: ubuntu-24.04-arm
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build main image (arm64) and load locally
run: |
docker build --platform linux/arm64 -t nexent/nexent:dev-arm64 -f make/main/Dockerfile .
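Review bot: `actions/checkout@v4` is used without `persist-credentials: false` in both jobs, and the next step runs `docker build` with the repository root (`.`) as its context. By default checkout leaves the job token in the local git config, so `.git` is sent to the builder along with the source unless a `.dockerignore` excludes it. Add `with: persist-credentials: false` to the checkout steps; nothing later in either job pushes or fetches.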
Comment on lines +35 to +41

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To fix this problem, you should add an explicit permissions block to the workflow to restrict the default GITHUB_TOKEN permissions granted to all jobs. Since the jobs in this workflow only check out code and build Docker images—and do not modify repository contents, create issues, or interact with pull requests—you should set contents: read as the minimum required permission. This change can be made at the workflow level (top of the file, after name), which will apply to all jobs unless overridden. No changes to the jobs or steps are necessary.


Suggested changeset 1
.github/workflows/auto-build-main-dev.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/auto-build-main-dev.yml b/.github/workflows/auto-build-main-dev.yml
--- a/.github/workflows/auto-build-main-dev.yml
+++ b/.github/workflows/auto-build-main-dev.yml
@@ -1,4 +1,6 @@
 name: Docker Build Main Images
+permissions:
+  contents: read
 
 concurrency:
   group: docker-build-main-dev-${{ github.ref }}
EOF
@@ -1,4 +1,6 @@
name: Docker Build Main Images
permissions:
contents: read

concurrency:
group: docker-build-main-dev-${{ github.ref }}
37 changes: 37 additions & 0 deletions .github/workflows/auto-build-terminal-dev.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: Docker Build Terminal Images

concurrency:
group: docker-build-terminal-dev-${{ github.ref }}
cancel-in-progress: true

on:
workflow_dispatch:
pull_request:
branches: [develop]
paths:
- 'make/terminal/**'
- '.github/workflows/**'
push:
branches: [develop]
paths:
- 'make/terminal/**'
- '.github/workflows/**'

jobs:
build-terminal-amd64:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build terminal image (amd64) and load locally
run: |
docker build --platform linux/amd64 -t nexent/nexent-ubuntu-terminal:dev-amd64 -f make/terminal/Dockerfile .

build-terminal-arm64:
Comment on lines +22 to +30

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To resolve the flagged issue, add a permissions block at the root level of the workflow YAML (ideally just below the workflow name and before concurrency). This block should restrict the GITHUB_TOKEN to only the necessary privilege. For this workflow, the minimal safe permission is to allow read-only access to repository contents (contents: read). No job in this workflow (based on the code provided) requires additional write permission.
Edit .github/workflows/auto-build-terminal-dev.yml by inserting the following block immediately after line 1:

permissions:
  contents: read

No additional imports or dependencies are required.


Suggested changeset 1
.github/workflows/auto-build-terminal-dev.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/auto-build-terminal-dev.yml b/.github/workflows/auto-build-terminal-dev.yml
--- a/.github/workflows/auto-build-terminal-dev.yml
+++ b/.github/workflows/auto-build-terminal-dev.yml
@@ -1,4 +1,6 @@
 name: Docker Build Terminal Images
+permissions:
+  contents: read
 
 concurrency:
   group: docker-build-terminal-dev-${{ github.ref }}
EOF
@@ -1,4 +1,6 @@
name: Docker Build Terminal Images
permissions:
contents: read

concurrency:
group: docker-build-terminal-dev-${{ github.ref }}
runs-on: ubuntu-24.04-arm
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build terminal image (arm64) and load locally
run: |
docker build --platform linux/arm64 -t nexent/nexent-ubuntu-terminal:dev-arm64 -f make/terminal/Dockerfile .
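Review bot: the `paths` filters under `pull_request` and `push` include `.github/workflows/**`, so an edit to any workflow file rebuilds the terminal image on both architectures, and the same filter appears in the other build workflows added in this PR. Narrow it to this workflow's own file, `.github/workflows/auto-build-terminal-dev.yml`. The two jobs also differ only in the runner label and the `--platform` value; a `strategy.matrix` over those two values would remove the duplicated steps.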
Comment on lines +31 to +37

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To fix the problem, you should add a permissions block at the workflow root level in the .github/workflows/auto-build-terminal-dev.yml file, immediately after the name: key and before any jobs or other blocks. Since all jobs shown only require code checkout and do local docker builds, the minimal permission required is contents: read. This ensures the GITHUB_TOKEN only has read access to repository contents for all jobs in this workflow, following the principle of least privilege. No other permissions appear necessary per the current workflow steps.

Suggested changeset 1
.github/workflows/auto-build-terminal-dev.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/auto-build-terminal-dev.yml b/.github/workflows/auto-build-terminal-dev.yml
--- a/.github/workflows/auto-build-terminal-dev.yml
+++ b/.github/workflows/auto-build-terminal-dev.yml
@@ -1,4 +1,6 @@
 name: Docker Build Terminal Images
+permissions:
+  contents: read
 
 concurrency:
   group: docker-build-terminal-dev-${{ github.ref }}
EOF
@@ -1,4 +1,6 @@
name: Docker Build Terminal Images
permissions:
contents: read

concurrency:
group: docker-build-terminal-dev-${{ github.ref }}
39 changes: 39 additions & 0 deletions .github/workflows/auto-build-web-dev.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
name: Docker Build Web Images

concurrency:
group: docker-build-web-dev-${{ github.ref }}
cancel-in-progress: true

on:
workflow_dispatch:
pull_request:
branches: [develop]
paths:
- 'frontend/**'
- 'make/web/**'
- '.github/workflows/**'
push:
branches: [develop]
paths:
- 'frontend/**'
- 'make/web/**'
- '.github/workflows/**'

jobs:
build-web-amd64:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build web image (amd64) and load locally
run: |
docker build --platform linux/amd64 -t nexent/nexent-web:dev-amd64 -f make/web/Dockerfile .

build-web-arm64:
Comment on lines +24 to +32

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To fix this issue, we must add a permissions block at the workflow root (above the jobs: key), as no individual jobs have special permissions needs. This block should specifically set contents: read as the minimal starting point, which allows code checkout but blocks write access. If future workflow changes require more permissions (e.g., writing to issues or PRs), these can be added in a fine-grained manner. The change consists of inserting the following block into .github/workflows/auto-build-web-dev.yml, right after the workflow name (recommended) but, in any case, before the jobs: block.

Suggested changeset 1
.github/workflows/auto-build-web-dev.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/auto-build-web-dev.yml b/.github/workflows/auto-build-web-dev.yml
--- a/.github/workflows/auto-build-web-dev.yml
+++ b/.github/workflows/auto-build-web-dev.yml
@@ -1,4 +1,6 @@
 name: Docker Build Web Images
+permissions:
+  contents: read
 
 concurrency:
   group: docker-build-web-dev-${{ github.ref }}
EOF
@@ -1,4 +1,6 @@
name: Docker Build Web Images
permissions:
contents: read

concurrency:
group: docker-build-web-dev-${{ github.ref }}
runs-on: ubuntu-24.04-arm
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build web image (arm64) and load locally
run: |
docker build --platform linux/arm64 -t nexent/nexent-web:dev-arm64 -f make/web/Dockerfile .
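Review bot: `build-web-amd64` runs on the floating `ubuntu-latest` label while `build-web-arm64` is pinned to `ubuntu-24.04-arm`, so the two architectures can end up building on different runner images when `ubuntu-latest` moves. Pin the amd64 job to the matching versioned label (`ubuntu-24.04`). Likewise, `actions/checkout@v4` is a mutable tag; pinning it to a full commit SHA keeps the action code from changing underneath the workflow.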
Comment on lines +33 to +39

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To address this issue, you should add a permissions block to the workflow, ideally at the root level so it applies to all jobs unless overridden. According to least privilege principles for the given workflow, set contents: read. This is a sufficient minimal baseline for typical operations like checking out code. This change should be made at the top level of the file, after the name: and before concurrency: or on:, to ensure the permissions setting is inherited by both jobs. No additional code, methods, or imports are needed since this is a configuration change within the YAML file.

Suggested changeset 1
.github/workflows/auto-build-web-dev.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/auto-build-web-dev.yml b/.github/workflows/auto-build-web-dev.yml
--- a/.github/workflows/auto-build-web-dev.yml
+++ b/.github/workflows/auto-build-web-dev.yml
@@ -1,4 +1,6 @@
 name: Docker Build Web Images
+permissions:
+  contents: read
 
 concurrency:
   group: docker-build-web-dev-${{ github.ref }}
EOF
@@ -1,4 +1,6 @@
name: Docker Build Web Images
permissions:
contents: read

concurrency:
group: docker-build-web-dev-${{ github.ref }}
Copilot is powered by AI and may make mistakes. Always verify output.
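A pre-merge check for the condition flagged throughout this review (no `permissions` block at workflow or job level), as an added example that is not part of the PR or of CodeQL. The function name `jobs_missing_permissions` and the sample workflows are constructed for illustration, and the line-based scan assumes block-style YAML indented with spaces.

```python
import re

# Matches a block-style mapping key such as "    runs-on: ubuntu-latest".
KEY_RE = re.compile(r"^( *)([A-Za-z0-9_.-]+) *:(?: |$)")


def _mapping_keys(text):
    """Return (indent, key) for each 'key:' line, skipping blanks, comments and list items."""
    keys = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith(("#", "- ")):
            continue
        match = KEY_RE.match(raw)
        if match:
            keys.append((len(match.group(1)), match.group(2)))
    return keys


def jobs_missing_permissions(text):
    """List the jobs that run with the default GITHUB_TOKEN scope.

    A job is covered when the workflow has a top-level `permissions` key
    or the job declares `permissions` itself.
    """
    keys = _mapping_keys(text)
    if any(indent == 0 and key == "permissions" for indent, key in keys):
        return []  # workflow-level block applies to every job

    jobs = {}  # job name -> True if the job declares its own permissions
    in_jobs = False
    job_indent = key_indent = current = None
    for indent, key in keys:
        if indent == 0:
            # A new top-level key ends (or starts) the jobs block.
            in_jobs = key == "jobs"
            job_indent = key_indent = current = None
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # indentation of job names
            if indent == job_indent:
                current, key_indent = key, None
                jobs[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = indent  # indentation of the job's own keys
                # Deeper lines (steps, run scripts) are ignored on purpose.
                if indent == key_indent and key == "permissions":
                    jobs[current] = True
    return [name for name, covered in jobs.items() if not covered]


# Constructed sample modelled on the workflows in this PR (indentation restored).
FLAGGED = """\
name: Docker Build Main Images

concurrency:
  group: docker-build-main-dev-${{ github.ref }}
  cancel-in-progress: true

on:
  workflow_dispatch:
  pull_request:
    branches: [develop]

jobs:
  build-main-amd64:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Build main image (amd64) and load locally
        run: |
          docker build --platform linux/amd64 -t nexent/nexent:dev-amd64 -f make/main/Dockerfile .

  build-main-arm64:
    runs-on: ubuntu-24.04-arm
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
"""

# Same workflow with the workflow-level block suggested in the review.
FIXED = FLAGGED.replace(
    "name: Docker Build Main Images\n",
    "name: Docker Build Main Images\npermissions:\n  contents: read\n",
    1,
)

# Variant where only one job declares its own permissions.
JOB_LEVEL = FLAGGED.replace(
    "    runs-on: ubuntu-24.04-arm\n",
    "    permissions:\n      contents: read\n    runs-on: ubuntu-24.04-arm\n",
    1,
)

if __name__ == "__main__":
    for label, doc in (("flagged", FLAGGED), ("fixed", FIXED), ("job-level", JOB_LEVEL)):
        print(label, jobs_missing_permissions(doc))
```
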