Skip to content

Add test report job and clean up workflow config#1232

Merged
StuartFerguson merged 1 commit intomasterfrom
task/#1231_test_results_report
Feb 25, 2026
Merged

Add test report job and clean up workflow config#1232
StuartFerguson merged 1 commit intomasterfrom
task/#1231_test_results_report

Conversation

@StuartFerguson
Copy link
Copy Markdown
Member

@StuartFerguson StuartFerguson commented Feb 25, 2026

Removed old Windows/macOS jobs from nightlybuild.yml. Added "testreports" job: runs unit tests, uploads TRX artifacts, generates HTML reports, and deploys to GitHub Pages. Updated code coverage job to use npm lcov merger instead of coverlet merge steps.

closes #1231

@StuartFerguson
Add test report job and clean up workflow config
db7dd87 
Removed old Windows/macOS jobs from nightlybuild.yml.
Added "testreports" job: runs unit tests, uploads TRX artifacts, generates HTML reports, and deploys to GitHub Pages.
Updated code coverage job to use npm lcov merger instead of coverlet merge steps.
github-advanced-security[bot]
github-advanced-security AI found potential problems Feb 25, 2026
View reviewed changes
Comment thread .github/workflows/nightlybuild.yml
Comment on lines +139 to +197
name: "Nightly Build - Test Reports"
env:
ASPNETCORE_ENVIRONMENT: "Production"

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2.3.4

- name: Restore Nuget Packages
run: dotnet restore Shared.sln --source ${{ secrets.PUBLICFEEDURL }} --source ${{ secrets.PRIVATEFEED_URL }}

- name: Run Unit Tests
run: |
dotnet test "Shared.Tests\Shared.Tests.csproj" --configuration Release --no-build --verbosity normal --logger "trx;LogFileName=buslogic-test-results.trx"
dotnet test "Shared.EventStore.Tests\Shared.EventStore.Tests.csproj" --configuration Release --no-build --verbosity normal --logger "trx;LogFileName=projection-test-results.trx"

- name: Upload TRX artifacts (optional)
if: always()
uses: actions/upload-artifact@v4
with:
name: trx-results
path: TestResults/**/*.trx
if-no-files-found: warn
retention-days: 14

- name: Install ReportGenerator
run: dotnet tool update -g dotnet-reportgenerator-globaltool

- name: Prepare Pages output folder
shell: bash
run: |
set -euo pipefail
rm -rf public
mkdir -p public

if [ -n "${PAGES_ROOT_DIR}" ] && [ -d "${PAGES_ROOT_DIR}" ]; then
echo "Copying existing Pages content from '${PAGES_ROOT_DIR}' to 'public/'..."
rsync -a "${PAGES_ROOT_DIR}/" "public/"
else
echo "No existing Pages content directory configured/found; deploying only the test report."
fi

- name: Generate HTML report into subpath
run: |
reportgenerator \
"-reports:TestResults/**/*.trx" \
"-targetdir:public/${REPORT_SUBPATH}" \
"-reporttypes:HtmlInline_AzurePipelines;HtmlChart" \
"-title:${{ github.repository }} - Test Report" \
"-tag:${{ github.run_number }}"

- name: Upload Pages artifact
uses: actions/upload-pages-artifact@v3
with:
path: public

- name: Deploy to GitHub Pages
uses: actions/deploy-pages@v4 No newline at end of file

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read, id-token: write, pages: write}

Copilot Autofix

AI 2 months ago

In general, fix this by adding an explicit permissions block that grants the least privileges required, either at the workflow root (affecting all jobs) or per-job. Since the alert is for the testreports job and it needs special permissions for GitHub Pages deployment, the safest, least intrusive change is to add a permissions block to that specific job, matching the minimal set suggested by CodeQL.

Concretely, in .github/workflows/nightlybuild.yml, inside the testreports job (starting at line 138), add a permissions section right under the job name (and before or after env), with the values: contents: read, id-token: write, and pages: write. This documents the job’s needs, limits the GITHUB_TOKEN to read-only repository contents plus only the necessary write scopes for Pages, and avoids changing behavior of the other jobs. No additional imports, methods, or other definitions are required for this YAML-only change.

Suggested changeset 1
.github/workflows/nightlybuild.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/nightlybuild.yml b/.github/workflows/nightlybuild.yml
--- a/.github/workflows/nightlybuild.yml
+++ b/.github/workflows/nightlybuild.yml
@@ -137,6 +137,10 @@
 
   testreports:
     name: "Nightly Build - Test Reports"
+    permissions:
+      contents: read
+      id-token: write
+      pages: write
     env:
         ASPNETCORE_ENVIRONMENT: "Production"
 
EOF
@@ -137,6 +137,10 @@

testreports:
name: "Nightly Build - Test Reports"
permissions:
contents: read
id-token: write
pages: write
env:
ASPNETCORE_ENVIRONMENT: "Production"

Copilot is powered by AI and may make mistakes. Always verify output.
@StuartFerguson StuartFerguson merged commit dd47f62 into master Feb 25, 2026
10 checks passed
@github-actions github-actions Bot deleted the task/#1231_test_results_report branch April 27, 2026 03:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

maintenance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Build Test Report Workflow

2 participants

@StuartFerguson @github-advanced-security