🌿 Fern Regeneration -- September 2, 2025 #27
Conversation
![fern-api[bot]](https://avatars.githubusercontent.com/in/244756?s=60&v=4){kind=small}
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Rye | ||
| - name: Checkout repo | ||
| uses: actions/checkout@v4 | ||
| - name: Set up python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: 3.8 | ||
| - name: Bootstrap poetry | ||
| run: | | ||
| curl -sSf https://rye.astral.sh/get | bash | ||
| echo "$HOME/.rye/shims" >> $GITHUB_PATH | ||
| env: | ||
| RYE_VERSION: '0.44.0' | ||
| RYE_INSTALL_OPTION: '--yes' | ||
|
|
||
| - name: Bootstrap | ||
| run: ./scripts/bootstrap | ||
| curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1 | ||
| - name: Install dependencies | ||
| run: poetry install | ||
|
|
||
| - name: Run tests | ||
| run: ./scripts/test | ||
| - name: Test | ||
| run: poetry run pytest -rP . |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 18 days ago
To fix the problem, a permissions: block should be added to the workflow to explicitly restrict permissions granted to GITHUB_TOKEN. The best place to add this block is at the root of the workflow, just after the workflow name: key, so that it applies to all jobs unless overridden locally. Since all workflow jobs only check out code and do not need to write to the repository, the minimal required permission is contents: read. This line should be added directly after name: ci in .github/workflows/ci.yml.
No additional methods or imports are required, as this is a change only to the workflow YAML.
| @@ -1,4 +1,6 @@ | ||
| name: ci | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: [push] | ||
| jobs: |
This PR regenerates code to match the latest API Definition.