Pull Request Overview
This PR updates several dependency versions in package.json and introduces a new GitHub Actions workflow for building and pushing a Docker image to a new repository.
- Updated dependency versions in package.json
- Added a new workflow file (.github/workflows/build-cn-image.yml) for building the CN Docker image
Reviewed Changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updated dependency version numbers |
| .github/workflows/build-cn-image.yml | New CI workflow for building and pushing Docker images |
| echo XATA_API_KEY="$XATA_API_KEY" >> .env | ||
| echo SENTRY_AUTH_TOKEN="$SENTRY_AUTH_TOKEN" >> .env | ||
| echo NEXT_PUBLIC_ENABLE_TRACK="$ENABLE_TRACK" >> .env | ||
| echo NEXT_PUBLIC_REGION="$NEXT_PUBLIC_REGION" >>.env |
[nitpick] Consider adding a space between the redirection operator '>>' and the filename for consistency with similar echo commands in the same step.
| echo NEXT_PUBLIC_REGION="$NEXT_PUBLIC_REGION" >>.env | |
| echo NEXT_PUBLIC_REGION="$NEXT_PUBLIC_REGION" >> .env |
| runs-on: ubuntu-latest | ||
| environment: Prod-CN | ||
| env: | ||
| XATA_API_KEY: ${{ secrets.XATA_API_KEY }} | ||
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | ||
| ENABLE_TRACK: ${{ vars.ENABLE_TRACK }} | ||
| NEXT_PUBLIC_REGION: ${{ vars.NEXT_PUBLIC_REGION }} | ||
| NEXT_PUBLIC_SENTRY_DSN: ${{vars.NEXT_PUBLIC_SENTRY_DSN}} | ||
| NEXT_PUBLIC_WEBSITE_URL: ${{vars.NEXT_PUBLIC_WEBSITE_URL}} | ||
| FEC_API_TOKEN: ${{vars.FEC_API_TOKEN}} | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Login to Qcloud Hongkong Container Registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: hkccr.ccs.tencentyun.com | ||
| username: "${{ vars.QCLOUD_REGISTRY_USERNAME }}" | ||
| password: "${{ secrets.QCLOUD_REGISTRY_PASSWORD }}" | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Create Env | ||
| run: | | ||
| touch .env | ||
| echo XATA_API_KEY="$XATA_API_KEY" >> .env | ||
| echo SENTRY_AUTH_TOKEN="$SENTRY_AUTH_TOKEN" >> .env | ||
| echo NEXT_PUBLIC_ENABLE_TRACK="$ENABLE_TRACK" >> .env | ||
| echo NEXT_PUBLIC_REGION="$NEXT_PUBLIC_REGION" >>.env | ||
| echo NEXT_PUBLIC_SENTRY_DSN="$NEXT_PUBLIC_SENTRY_DSN" >>.env | ||
| echo NEXT_PUBLIC_WEBSITE_URL="$NEXT_PUBLIC_WEBSITE_URL" >>.env | ||
| echo FEC_API_TOKEN="$FEC_API_TOKEN" >>.env | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v6 | ||
| timeout-minutes: 5 | ||
| with: | ||
| context: . | ||
| push: true | ||
| tags: | | ||
| hkccr.ccs.tencentyun.com/furrycons/frontend:latest | ||
| hkccr.ccs.tencentyun.com/furrycons/frontend:${{ github.sha }} |
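Review bot: the Create Env step writes XATA_API_KEY and SENTRY_AUTH_TOKEN into a .env file inside the build context, and the Build and push step then builds with `context: .` and `push: true` to hkccr.ccs.tencentyun.com, so unless .env is listed in .dockerignore (not part of this diff) or the Dockerfile never copies it, those secrets end up in the published image layers. Prefer the `secrets:` input of docker/build-push-action, consumed in the Dockerfile with `RUN --mount=type=secret,id=...`, so the values are available at build time without being written into a layer. Separately, FEC_API_TOKEN is read from `vars.FEC_API_TOKEN` rather than `secrets.`; repository variables are not masked in job logs, so if it is a credential it should be stored as a secret.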
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 10 months ago
To fix the issue, we will add a permissions block to the workflow file. This block will explicitly define the minimal permissions required for the workflow to function correctly. Since the workflow primarily interacts with Docker and does not modify repository contents, we will set contents: read as the permission level. This ensures that the workflow has read-only access to the repository contents, which is sufficient for its operations.
The permissions block will be added at the root level of the workflow file, applying to all jobs within the workflow.
| @@ -7,2 +7,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: |
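Review bot: `contents: read` at the workflow root is the right minimum here, since the only GITHUB_TOKEN consumer in the job is actions/checkout@v4 and the image is pushed to hkccr.ccs.tencentyun.com with the QCLOUD_REGISTRY_PASSWORD secret rather than to GHCR, so no `packages: write` is needed; placing it at the root rather than per job also covers any job added to this file later.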
No description provided.