🌿 Fern Regeneration -- September 1, 2025 #19
Conversation
![fern-api[bot]](https://avatars.githubusercontent.com/in/244756?s=60&v=4){kind=small}
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Rye | ||
| - name: Checkout repo | ||
| uses: actions/checkout@v4 | ||
| - name: Set up python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: 3.8 | ||
| - name: Bootstrap poetry | ||
| run: | | ||
| curl -sSf https://rye.astral.sh/get | bash | ||
| echo "$HOME/.rye/shims" >> $GITHUB_PATH | ||
| env: | ||
| RYE_VERSION: '0.44.0' | ||
| RYE_INSTALL_OPTION: '--yes' | ||
|
|
||
| - name: Bootstrap | ||
| run: ./scripts/bootstrap | ||
| curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1 | ||
| - name: Install dependencies | ||
| run: poetry install | ||
|
|
||
| - name: Run tests | ||
| run: ./scripts/test | ||
| - name: Test | ||
| run: poetry run pytest -rP . |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 19 days ago
The best way to fix this problem is to explicitly add a permissions block at either the workflow level (top-level, after name:) or at the job level (under each job, e.g., compile: and test:). Since neither job in the provided workflow requires write access—and all commands only read the code and run install/test/compile tasks—the required minimum permission is contents: read. Adding this at the top-level will enforce least privilege for every job. Edit .github/workflows/ci.yml by inserting the following block after the name: ci line:
permissions:
contents: readNo changes to imports, methods, variables, or dependencies are needed.
| @@ -1,4 +1,6 @@ | ||
| name: ci | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: [push] | ||
| jobs: |
This PR regenerates code to match the latest API Definition.