Skip to content

Secrets #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
erisjak wants to merge 19 commits into
base: main
Choose a base branch
from
Open

Secrets #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
e9fd2f5
add a new line to weather forecast
erisjak Sep 1, 2025
54a2e25
neues feature
erisjak Sep 1, 2025
5b5cb7b
add dotnet test to pr verify
erisjak Sep 1, 2025
b6cd175
add failing test
erisjak Sep 1, 2025
9d5396e
fix test
erisjak Sep 1, 2025
5d8353a
add dotnet format to pr verify
erisjak Sep 2, 2025
c9d3ebd
changed .NET version to 9
erisjak Sep 2, 2025
5b4af6f
switch back to .NET 8
erisjak Sep 2, 2025
dab650e
fixed formatting
erisjak Sep 2, 2025
8336c9b
test code ql
erisjak Sep 2, 2025
ba93324
add ci
erisjak Sep 2, 2025
35a7bfb
upload artifacts as part of CI
erisjak Sep 2, 2025
051ca6f
add cron job
erisjak Sep 5, 2025
52f1c35
edited cron job
erisjak Sep 5, 2025
8651f20
added secrets branch
erisjak Sep 5, 2025
299f787
Merge branch 'main' into secrets
erisjak Sep 5, 2025
e35613a
add a job
erisjak Sep 5, 2025
ec5d887
added new job to secrets
erisjak Sep 5, 2025
c4ddacb
delete cron job
erisjak Sep 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 0 additions & 14 deletions .github/workflows/cron.yml
View file
Open in desktop

This file was deleted.

27 changes: 27 additions & 0 deletions .github/workflows/secrets.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Secrets workflow

on:
pull_request:
branches: ["main"]

env:
API_CSPROJ_PATH: "./src/GithubActionsDotnet.Api/GithubActionsDotnet.Api.csproj"

jobs:
secrets:
name: Secrets Demo
runs-on: ubuntu-latest
env:
JOB_NAME: "secrets"
steps:
- name: Echo environment variable
run: curl -h API_KEY

new_job:
name: Secrets Demo
runs-on: ubuntu-latest
env:
JOB_NAME: "new_job"
steps:
- name: Echo environment variable
run: echo "The value of $JOB_NAME is $API_CSPROJ_PATH"
Comment on lines +21 to +27

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 5 months ago

To fix this issue, add a permissions block at the workflow root or job level, specifying the least required privileges. In this workflow, the jobs simply echo environment variables and use curl, so neither requires any write access to the repository. The best practice is to add the following block at the top level (applies to all jobs unless individually overridden):

permissions:
  contents: read

This should be placed just below the name field and prior to on. Alternatively, you could add it within each job, but for conciseness and maintainability, the root-level block is preferred. No new imports or definitions are needed.

Suggested changeset 1
.github/workflows/secrets.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/secrets.yml b/.github/workflows/secrets.yml
--- a/.github/workflows/secrets.yml
+++ b/.github/workflows/secrets.yml
@@ -1,4 +1,6 @@
 name: Secrets workflow
+permissions:
+  contents: read
 
 on:
   pull_request:
EOF
@@ -1,4 +1,6 @@
name: Secrets workflow
permissions:
contents: read

on:
pull_request:
Copilot is powered by AI and may make mistakes. Always verify output.