Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 3 days ago
To fix the problem, explicitly restrict the GITHUB_TOKEN permissions used by this workflow. Since the workflow only needs to read repository contents (for checkout and downloaded artifacts) and interact with caching and artifacts (which do not require repository write access), we can safely set contents: read as a minimal starting point. If in future the workflow needs additional scopes (for example, id-token: write for OIDC), they can be added explicitly.
The cleanest, non‑functional change is to add a permissions: block at the root of .github/workflows/playwright-mocked.yml, right after the on: section and before jobs:. This will apply to all jobs in the workflow (there is only one job, playwright-mocked). We’ll set:
permissions:
  contents: read

No other code changes, imports, or new methods are required because this is a GitHub Actions YAML configuration change only, and it does not alter the behavior of any steps—only the token’s allowed capabilities.
| @@ -1,6 +1,8 @@ | ||
| name: playwright-mocked | ||
| on: | ||
| workflow_call: | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| playwright-mocked: | ||
| name: Playwright mocked tests |
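Review bot: the workflow-level `permissions:` block sits in a workflow whose only trigger is `workflow_call:`, and a reusable workflow can lower the token's scopes but not raise them above what the calling job grants. Check that each workflow that calls `playwright-mocked` declares its own `permissions:` with at least `contents: read`, so the restriction is not limited to this file and the call is not rejected for requesting more than the caller allows. Declaring one scope also sets every unlisted scope to `none`, and the hunk shows only the workflow header, so confirm that no step in the `playwright-mocked` job depends on a scope other than `contents` before merging.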
minor refactor to add types to test files.
fix tsc errors
…ocol at the start of the url fix silly property missing from mailosaur email object spread
2ebe396 to eda9eea
…bles are available to all steps
another playwright git workflow yml mocked change to wait for the same healthcheck endpoints as the cypress yml file was
… when run from the github workflow
…over from the old cypress tests to the playwright ones
…ssword/code routes. Ensures that the HTTPCache is not used if this is the second or nth time that make reset password requests
Add a client side useEffect hook to reload the /reset-password/email-sent page if it detects that the page load/show is a result of the BFCache e.g. as a result of someone pressing the browser's back button. This should make sure that the correct content is rendered to the user
Add a default timeout of 30 seconds for mailosaur sent emails
On the reset passcode test, ensure that the code is 6 characters long, padded if necessary
What does this change?
Migrates our mocked integration and end-to-end tests over from Cypress to Playwright.
How has this change been tested?
There are loads of playwright tests!
How can we measure success?
All the above tests pass
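The condition behind the CodeQL alert in this thread ("Workflow does not contain permissions") can be approximated locally with a small check. This is an added example, not part of the pull request and not CodeQL's own query; `jobs_without_permissions` is a hypothetical helper, the sample workflows are constructed from the diff header above, and it assumes space-indented, block-style YAML.

```python
import re

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")

def jobs_without_permissions(workflow_text):
    """Return ids of jobs that would run with the default GITHUB_TOKEN scopes."""
    workflow_level = False
    section = current = job_indent = child_indent = None
    jobs = {}  # job id -> True when the job has its own permissions: key
    for raw in workflow_text.splitlines():
        m = KEY.match(raw.split(" #")[0])  # crude trailing-comment strip
        if not m:
            continue  # list items, comments, continuation lines
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            section, current, job_indent = key, None, None
            workflow_level = workflow_level or key == "permissions"
        elif section == "jobs":
            if job_indent is None:
                job_indent = indent  # indentation of the job ids
            if indent == job_indent:
                current, child_indent = key, None
                jobs[key] = False
            elif current is not None:
                if child_indent is None:
                    child_indent = indent  # direct children of the job
                if indent == child_indent and key == "permissions":
                    jobs[current] = True
    if workflow_level:
        return []  # a workflow-level block covers every job
    return [job for job, scoped in jobs.items() if not scoped]

# Constructed samples: the header from the diff, before and after the fix.
BEFORE = (
    "name: playwright-mocked\n"
    "on:\n"
    "  workflow_call:\n"
    "jobs:\n"
    "  playwright-mocked:\n"
    "    name: Playwright mocked tests\n"
)
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:", 1)
# Constructed sample: only one of two jobs declares its own permissions.
PER_JOB = (
    "on:\n  workflow_call:\njobs:\n"
    "  build:\n    permissions:\n      contents: read\n"
    "  test:\n    runs-on: ubuntu-latest\n"
)

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("per-job", PER_JOB)):
        print(name, jobs_without_permissions(text))
```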