🔄 Synced file(s) with ottrproject/OTTR_Template#27
🔄 Synced file(s) with ottrproject/OTTR_Template#27jhudsl-robot wants to merge 6 commits intomainfrom
Conversation
release-renderAction
release-renderAction
…/style_config_default.css' release-renderAction
….yml' release-renderAction
OTTR Check ResultsSummary
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Load user automation choices | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| # Use the yaml-env-action action. | ||
| - name: Load environment from YAML | ||
| uses: doughepi/yaml-env-action@v1.0.0 | ||
| with: | ||
| files: config_automation.yml # Pass a space-separated list of configuration files. Rightmost files take precedence. | ||
| outputs: | ||
| toggle_url_check_periodically: "${{ env.URL_CHECK_PERIODICALLY }}" | ||
|
|
||
| url-check: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 11 months ago
To fix the issue, we will add a permissions block to the workflow. This block will specify the minimal permissions required for the workflow to function correctly. Based on the workflow's actions, the following permissions are needed:
contents: writefor checking out code and pushing changes.actions: readfor interacting with GitHub Actions.
The permissions block will be added at the root level of the workflow to apply to all jobs. If specific jobs require different permissions, they can override the root-level permissions.
| @@ -2,2 +2,5 @@ | ||
|
|
||
| permissions: | ||
| contents: write | ||
| actions: read | ||
|
|
| name: Check URLs | ||
| needs: set-up | ||
| if: ${{needs.set-up.outputs.toggle_url_check_periodically == 'true'}} | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| # Delete the branch if this has been run before | ||
| - name: Delete branch locally and remotely | ||
| run: git push origin --delete preview-spell-error || echo "No branch to delete" | ||
|
|
||
| # Make the branch fresh | ||
| - name: Make the branch fresh | ||
| run: | | ||
| git config --global --add safe.directory $GITHUB_WORKSPACE | ||
| git config --global user.name 'github-actions[bot]' | ||
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | ||
|
|
||
| echo branch doesnt exist | ||
| git checkout -b preview-spell-error || echo branch exists | ||
| git push --set-upstream origin preview-spell-error || echo echo branch exists remotely | ||
| shell: bash | ||
|
|
||
| - name: Run the check | ||
| uses: ottrproject/ottr-reports@main | ||
| id: check_results | ||
| continue-on-error: true | ||
| with: | ||
| check_spelling: false | ||
| spelling_error_min: 1 | ||
| check_urls: true | ||
| url_error_min: 1 | ||
| check_quiz_form: false | ||
| quiz_error_min: 1 | ||
| sort_dictionary: false | ||
|
|
||
| - name: Declare file path and time | ||
| id: check-report | ||
| run: | | ||
| error_num=$(cat check_reports/url_checks.tsv | wc -l) | ||
| error_num="$((error_num-1))" | ||
| echo "error_num=$error_num" >> $GITHUB_OUTPUT | ||
| echo "error_url=https://github.com/${GITHUB_REPOSITORY}/blob/preview-spell-error/check_reports/url_checks.tsv" >> $GITHUB_OUTPUT | ||
| shell: bash | ||
|
|
||
| - name: Stop if failure | ||
| if: steps.check_results.outcome == 'failure' | ||
| run: exit 1 | ||
|
|
||
| - name: Print out error variables | ||
| run: | | ||
| echo ${{ steps.check-report.outputs.error_url }} | ||
| echo ${{ steps.check-report.outputs.error_num }} | ||
|
|
||
| # Commit file | ||
| - name: Commit tocless bookdown files | ||
| if: ${{ steps.check-report.outputs.error_num >= 1 }} | ||
| env: | ||
| GH_PAT: ${{ secrets.GH_PAT }} | ||
| run: | | ||
| git add --force check_reports/url_checks.tsv | ||
| git commit -m 'Add spell check file' || echo "No changes to commit" | ||
| git push --set-upstream origin preview-spell-error || echo echo branch exists remotely | ||
|
|
||
| - name: Find issues | ||
| id: find-issue | ||
| env: | ||
| GH_PAT: ${{ secrets.GH_PAT }} | ||
| run: | | ||
| echo "$GITHUB_REPOSITORY" | ||
| curl -o find_issue.R https://raw.githubusercontent.com/ottrproject/ottr-reports/main/scripts/find_issue.R | ||
| issue_exists=$(Rscript --vanilla find_issue.R --repo $GITHUB_REPOSITORY --git_pat $GH_PAT) | ||
| echo URL issue exists: $issue_exists | ||
| echo "issue_existence=$issue_exists" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: If too many URL errors, then make an issue | ||
| if: ${{ steps.check-report.outputs.error_num >= 1 && steps.find-issue.outputs.issue_existence == 0}} | ||
| uses: JasonEtco/create-an-issue@v2 | ||
| with: | ||
| filename: .github/ISSUE_TEMPLATE/url-error.md | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| FILE_URL: ${{ steps.check-report.outputs.error_url }} | ||
| ERROR_NUM: ${{ steps.check-report.outputs.error_num }} | ||
|
|
||
| - name: If no URL errors than delete the branch we made | ||
| if: ${{ steps.check-report.outputs.error_num < 1 }} | ||
| run: | | ||
| git config --system --add safe.directory "$GITHUB_WORKSPACE" | ||
| git push origin --delete preview-spell-error || echo "No branch to delete" |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 11 months ago
To fix the issue, we need to explicitly define the permissions for the GITHUB_TOKEN in the workflow. The permissions should be set at the job level for each job (set-up and url-check) to ensure that only the necessary permissions are granted.
For the set-up job, no write permissions are required, so contents: read is sufficient. For the url-check job, write permissions are needed for contents (to commit and push changes) and issues (to create issues).
The changes will be made by adding a permissions block to each job.
| @@ -12,2 +12,4 @@ | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| steps: | ||
| @@ -31,3 +33,5 @@ | ||
| runs-on: ubuntu-latest | ||
|
|
||
| permissions: | ||
| contents: write | ||
| issues: write | ||
| steps: |
|
Re-rendered previews from the latest commit:
* note not all html features will be properly displayed in the "quick preview" but it will give you a rough idea. Updated at 2025-07-15 with changes from the latest commit f761cba |
|
Thought this had a docx file originally in the comment before I edited coursera: false. Going to switch it back and see what happens |
3 participants
Synced local file(s) with ottrproject/OTTR_Template.
Changed files
.github/workflows/with remote directory.github/workflows/assets/style.csswith remoteassets/style.cssassets/style_config_default.cssfrom remoteassets/style_config_default.cssconfig_automation.ymlwith remoteconfig_automation.ymlThis PR was created automatically by the repo-file-sync-action workflow run #15498355326