🌿 Fern Regeneration -- August 31, 2025 #16
Conversation
![fern-api[bot]](https://avatars.githubusercontent.com/in/244756?s=60&v=4){kind=small}
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Rye | ||
| - name: Checkout repo | ||
| uses: actions/checkout@v4 | ||
| - name: Set up python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: 3.8 | ||
| - name: Bootstrap poetry | ||
| run: | | ||
| curl -sSf https://rye.astral.sh/get | bash | ||
| echo "$HOME/.rye/shims" >> $GITHUB_PATH | ||
| env: | ||
| RYE_VERSION: '0.44.0' | ||
| RYE_INSTALL_OPTION: '--yes' | ||
|
|
||
| - name: Bootstrap | ||
| run: ./scripts/bootstrap | ||
| curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1 | ||
| - name: Install dependencies | ||
| run: poetry install | ||
|
|
||
| - name: Run tests | ||
| run: ./scripts/test | ||
| - name: Test | ||
| run: poetry run pytest -rP . |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 20 days ago
To fix this issue, we should add a permissions block to the workflow to restrict the privileges of the GITHUB_TOKEN to the minimal required. For most CI workflows that check out code and run tests, contents: read is sufficient. The permissions block can be added either at the root level (for all jobs) or at the job level. The root-level block is simpler and recommended when all jobs require the same minimal permissions. This change should be made at the top of .github/workflows/ci.yml, preferably immediately after the name: and before the on: block. No imports or additional setup are needed, just this small addition to the YAML file.
| @@ -1,4 +1,6 @@ | ||
| name: ci | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: [push] | ||
| jobs: |
This PR regenerates code to match the latest API Definition.