Add CI workflow to run tests on push and pull requests #2
| name: Test | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version-file: go.mod | ||
| cache: true | ||
|
|
||
| - name: Build | ||
| run: go build ./... | ||
|
|
||
| - name: Vet | ||
| run: go vet ./... | ||
|
|
||
| - name: Test | ||
| run: go test -race ./... |
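Review bot: the Checkout and Set up Go steps reference actions by mutable tag (actions/checkout@v4, actions/setup-go@v5), so the code that runs in this job can change whenever those tags are moved. Pin both to a full commit SHA and keep the version in a trailing comment so update tooling can still bump them. The Checkout step also has no with: block, so persist-credentials keeps its default of true and the token stays in the local git config while go build, go vet and go test run; none of the steps shown push or fetch after checkout, so setting persist-credentials: false costs nothing here.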
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 16 days ago
In general, the fix is to explicitly declare minimal GITHUB_TOKEN permissions either at the workflow root or per job. Since all jobs here are just running CI against the code, they only need read access to the repository contents. The best minimal fix is to add permissions: contents: read at the workflow level so it applies to all jobs without changing current behavior beyond reducing unnecessary permissions.
Concretely, in .github/workflows/ci.yml, add a new permissions: block near the top-level, just under the name: CI line and before on:. This will set contents: read for all jobs in this workflow. No imports or additional methods are needed, as this is purely a YAML configuration change.
| @@ -1,5 +1,8 @@ | ||
| name: CI | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| push: | ||
| branches: ["**"] |
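Review bot: the new permissions: block sits at the workflow root with only contents: read, which sets every unlisted scope to none for all jobs, so add a one-line comment above it saying that a job needing more must declare its own job-level permissions: rather than widening this one. That keeps a later change from loosening the token for the whole workflow. Separately, branches: ["**"] under push: runs the workflow on pushes to every branch; if the workflow also triggers on pull requests, as the PR title says, branches in this repository with an open pull request will run CI twice per push, so consider limiting push to the default branch.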
No description provided.