test(app): configure testing environment and add unit tests across entire app #108 and CI #136
test(app): configure testing environment and add unit tests across entire app #108 and CI #136pawelos231 merged 4 commits intomainfrom
Conversation
commit fda5296 Author: Vrrrum <kamil2006wojtek@gmail.com> Date: Thu May 29 11:14:53 2025 +0200 fix(app): Gitignore updated commit c7631c8 Author: Braspi <shutmer@gmail.com> Date: Sun Dec 8 21:08:28 2024 +0100 test(app): configure testing environment and add unit tests across entire app #108 commit 87abf01 Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 20:04:21 2024 +0100 fix(app): fix portal.tsx commit 0edfc31 Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 18:37:25 2024 +0100 fix(app): back to odd commit 14ba6fe Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 18:34:43 2024 +0100 fix(app): fuck eslint 23123 commit e968859 Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 18:24:28 2024 +0100 fix(app): fuck eslint 2 commit e46a28a Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 18:23:08 2024 +0100 fix(app): fuck eslint commit 72dd97e Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 18:20:18 2024 +0100 fix(app): fix portal commit 64bd1f1 Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 18:15:23 2024 +0100 fix(app): small fix commit ca88ca1 Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 18:05:09 2024 +0100 fix(app): small fix commit 30a32ca Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 17:53:16 2024 +0100 fix(app): fixed package 2 commit 19bbeb3 Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 17:48:06 2024 +0100 fix(app): fixed package commit 96df98b Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 17:42:53 2024 +0100 fix(app): fix for CI commit ca34a95 Merge: 34b17ca 666010b Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 17:38:43 2024 +0100 Merge remote-tracking branch 'origin/109-fix-form-refresh' into 109-fix-form-refresh commit 34b17ca Author: Braspi <shutmer@gmail.com> Date: Sun Nov 24 17:36:41 2024 +0100 fix(app): fix for CI
Vrrrum
force-pushed
the
109-fix-form-refresh
branch
from
fda5296 to
9786790
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up Node.js | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: '20' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm install | ||
|
|
||
| - name: Run tests | ||
| run: npm run test | ||
|
|
||
| - name: Build Next.js app | ||
| run: npm run build | ||
|
|
||
| build-docker: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 months ago
To fix the issue, we will add a permissions block at the root level of the workflow to define the minimum required permissions for all jobs. Based on the workflow's actions, the contents: read permission is sufficient for the build job, as it only checks out the code, installs dependencies, and builds the application. For the build-docker job, additional permissions for accessing secrets and pushing Docker images are required. We will explicitly define these permissions to ensure the workflow adheres to the principle of least privilege.
| @@ -10,2 +10,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| @@ -35,2 +38,6 @@ | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: read | ||
| id-token: write | ||
| container: |
| if: ${{ github.ref == 'refs/heads/main' }} | ||
| runs-on: ubuntu-latest | ||
| container: | ||
| image: gcr.io/kaniko-project/executor:latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up Kaniko Configuration | ||
| run: | | ||
| mkdir -p /kaniko/.docker | ||
| echo '{ | ||
| "auths": { | ||
| "${{ secrets.REGISTRY_URL }}": { | ||
| "username": "${{ secrets.REGISTRY_USERNAME }}", | ||
| "password": "${{ secrets.REGISTRY_PASSWORD }}" | ||
| } | ||
| } | ||
| }' > /kaniko/.docker/config.json | ||
|
|
||
| - name: Build and Push Docker Image | ||
| run: | | ||
| /kaniko/executor \ | ||
| --context . \ | ||
| --dockerfile ./Dockerfile \ | ||
| --destination ${{ secrets.REGISTRY_URL }}/my-app:${{ github.sha }} |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 months ago
To fix the issue, we need to explicitly define the permissions for the workflow and its jobs. Since the workflow primarily interacts with the repository contents (e.g., checking out code), the minimal required permission is contents: read. This permission should be added at the root level of the workflow to apply to all jobs unless overridden. If specific jobs require additional permissions, they can define their own permissions block.
| @@ -10,2 +10,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: |
3 participants
No description provided.