UPD - CI #9
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@v3 | ||
| with: | ||
| version: 9 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 20 | ||
| cache: 'pnpm' | ||
|
|
||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Generate Prisma Client | ||
| run: pnpm prisma generate | ||
|
|
||
| - name: Skip tests (no test script defined) | ||
| run: echo "⚠️ Aucun test défini, étape ignorée." | ||
|
|
||
| - name: Build app | ||
| run: pnpm build | ||
|
|
||
| # 2️⃣ Build & push Docker image | ||
| docker-build-push: |
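Review bot: The uses: lines in these steps (actions/checkout@v4, pnpm/action-setup@v3, actions/setup-node@v4) reference mutable version tags, so the code that runs in this job can change without any change to the workflow file. Pin each action to a full commit SHA and keep the tag as a trailing comment so updates stay reviewable. Separately, the step named "Skip tests (no test script defined)" only echoes a message, so this job verifies nothing beyond pnpm install, pnpm prisma generate and pnpm build succeeding; add a real test step or drop "tests" from the job's description until one exists.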
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI about 2 months ago
To fix this issue, the permissions block should be set explicitly for the build-and-test job, as this job only requires read access to the repository contents. The most secure minimal setting is permissions: contents: read, which restricts the GITHUB_TOKEN to repository file read-only access. This should be added directly under the runs-on: ubuntu-latest line (line 11), before the steps block begins for the build-and-test job. No additional methods, imports, or definitions are required—just a YAML insertion.
| @@ -9,6 +9,8 @@ | ||
| # 1️⃣ Build & tests | ||
| build-and-test: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
|
|
||
| steps: | ||
| - name: Checkout code |
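Review bot: The permissions block is added at job level under build-and-test only, so it does nothing for the other jobs in this workflow, which keep whatever GITHUB_TOKEN permissions they had. contents: read is enough for the checkout, install and build steps shown for this job. Consider also declaring a workflow-level default (permissions: contents: read, or permissions: {}) and granting extra scopes per job, so that jobs added later start from least privilege.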
| runs-on: self-hosted | ||
| needs: docker-build-push | ||
|
|
||
| steps: | ||
| - name: Clean workspace | ||
| run: rm -rf * | ||
|
|
||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Log in to GitHub Container Registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Pull new image + restart PROD stack | ||
| run: | | ||
| echo "🔧 Deploying on PROD..." | ||
| cd /home/baptiste/Dev/WPT/prod | ||
| docker-compose pull | ||
| docker rm -f wpt_website || true | ||
| docker-compose up -d --remove-orphans | ||
| echo "🚀 Deployed in PROD!" No newline at end of file |
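Review bot: In the Clean workspace step, rm -rf * does not match dotfiles, so hidden files left by a previous run survive on this self-hosted runner, and the command deletes the contents of whatever directory the step starts in. actions/checkout cleans the workspace by default, so drop the step or scope the removal to an explicit path. The job definition shown has only runs-on, needs and steps: there is no environment: key, so a production deploy from /home/baptiste/Dev/WPT/prod has no approval gate beyond docker-build-push finishing; consider attaching a protected environment. The file also ends without a trailing newline.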
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI about 2 months ago
To remediate the issue, add a permissions: section to the deploy-prod job in .github/workflows/prod.yml, following the recommended minimal permissions. The most restrictive (least-privilege) baseline is to set contents: read, which means the job can only read repository contents and nothing more. If future steps require broader access (e.g., to issues, packages, etc.), those can be added explicitly. The change should be made inside the deploy-prod job definition, before the first steps: key.
| @@ -85,6 +85,8 @@ | ||
| deploy-prod: | ||
| runs-on: self-hosted | ||
| needs: docker-build-push | ||
| permissions: | ||
| contents: read | ||
|
|
||
| steps: | ||
| - name: Clean workspace |
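Review bot: Declaring only contents: read on deploy-prod sets every other GITHUB_TOKEN scope to none, including packages, yet this job logs in to ghcr.io with secrets.GITHUB_TOKEN and then runs docker-compose pull. If the image is private the pull will be denied once this block is applied; add packages: read next to contents: read in the same block.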
* UPD - Lint * ADD - Implement CI workflow (#4) * ADD - Implement CI workflow * UPD - Refactor CI workflow to remove duplicate pnpm setup step * UPD - Refactor CI workflow to remove duplicate pnpm setup step * UPD - Simplify request handling by directly using params.uuid * UPD - Simplify request handling by directly using params.uuid * UPD - Simplify request handling by directly using params.uuid * UPD - Simplify request handling by directly using params.uuid * UPD - Update route parameter handling to use Promise for uuid extraction * UPD - Update route parameter handling to use Promise for uuid extraction * UPD - Enhance CI configuration by adding Docker metadata extraction and updating image tags * UPD - Enhance CI configuration by adding Docker metadata extraction and updating image tags * UPD - Add step to generate Prisma Client in CI configuration * UPD - Add step to generate Prisma Client in CI configuration * UPD - Update Dockerfile to generate Prisma Client and optimize production dependencies * UPD - Update Dockerfile to generate Prisma Client and optimize production dependencies * UPD - Refactor CI configuration to improve environment variable handling and streamline deployment conditions * UPD - Simplify CI configuration by removing environment input and directly setting deployment environments * UPD - Update CI configuration to enforce manual deployment conditions for dev and prod environments * UPD - Add CI workflows for manual deployment to DEV and PROD environments * UPD - Enhance CI configuration to support manual deployment to DEV and PROD environments * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI (#6) * UPD - CICD (#7) * UPD - CI * UPD - CI * UPD - CI (#9) * UPD - CI * UPD - CI (#12) * UPD - CI * UPD - CI
* UPD - Lint * ADD - Implement CI workflow (#4) * ADD - Implement CI workflow * UPD - Refactor CI workflow to remove duplicate pnpm setup step * UPD - Refactor CI workflow to remove duplicate pnpm setup step * UPD - Simplify request handling by directly using params.uuid * UPD - Simplify request handling by directly using params.uuid * UPD - Simplify request handling by directly using params.uuid * UPD - Simplify request handling by directly using params.uuid * UPD - Update route parameter handling to use Promise for uuid extraction * UPD - Update route parameter handling to use Promise for uuid extraction * UPD - Enhance CI configuration by adding Docker metadata extraction and updating image tags * UPD - Enhance CI configuration by adding Docker metadata extraction and updating image tags * UPD - Add step to generate Prisma Client in CI configuration * UPD - Add step to generate Prisma Client in CI configuration * UPD - Update Dockerfile to generate Prisma Client and optimize production dependencies * UPD - Update Dockerfile to generate Prisma Client and optimize production dependencies * UPD - Refactor CI configuration to improve environment variable handling and streamline deployment conditions * UPD - Simplify CI configuration by removing environment input and directly setting deployment environments * UPD - Update CI configuration to enforce manual deployment conditions for dev and prod environments * UPD - Add CI workflows for manual deployment to DEV and PROD environments * UPD - Enhance CI configuration to support manual deployment to DEV and PROD environments * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI * UPD - CI (#6) * UPD - CICD (#7) * UPD - CI * UPD - CI * UPD - CI (#9) * UPD - CI * UPD - Add entrypoint script for Prisma migrations * ADD - Add integration and unit tests for API request handling (#15)
No description provided.