Conversation

@jaybarden1

No description provided.

@jaybarden1 jaybarden1 requested a review from jbarden September 3, 2025 21:37
Comment on lines +12 to +59
name: Build and analyze
runs-on: windows-latest

steps:
- name: Set up JDK
uses: actions/setup-java@v4.4.0
with:
java-version: 17
distribution: 'zulu'

runs-on: ubuntu-latest
- name: Checkout
uses: actions/checkout@v4.2.1
with:
fetch-depth: 0

steps:
- uses: actions/checkout@v4

- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 9.0.x

- name: Delete nuget*.config files
run: rm -f nuget*.config

- name: Restore dependencies
run: dotnet restore

- name: Build
run: dotnet build --no-restore

- name: Test
run: dotnet test --no-build --verbosity normal
- name: 🛠 Cache SonarQube Cloud packages
uses: actions/cache@v4.2.3
with:
path: ~\sonar\cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar

- name: 🛠 Cache SonarQube Cloud scanner
id: cache-sonar-scanner
uses: actions/cache@v4.2.3
with:
path: .\.sonar\scanner
key: ${{ runner.os }}-sonar-scanner
restore-keys: ${{ runner.os }}-sonar-scanner

- name: 🛠 Install SonarQube Cloud scanner
if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
shell: powershell
run: |
New-Item -Path .\.sonar\scanner -ItemType Directory
dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
- name: 🔍 Restore, 🛠 Build and 🧪 Test with ☁️ SonarCloud / Qube project - ${{ vars.SONAR_PROJECT_NAME }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
shell: powershell
run: |
dotnet tool install --global dotnet-coverage
.\.sonar\scanner\dotnet-sonarscanner begin /k:"astar-development_${{ github.event.repository.name }}" /o:"astar-development" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.scanner.scanAll=false /d:sonar.scanner.skipJreProvisioning=true
dotnet build --configuration Release
dotnet-coverage collect 'dotnet test --filter "FullyQualifiedName!~Tests.EndToEnd"' -f xml -o 'coverage.xml'
.\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
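Review bot: as rendered, the job carries two runs-on: keys (windows-latest, then ubuntu-latest) and two steps: lists, together with a leftover Set up JDK step and a second checkout; YAML does not allow duplicate keys in one mapping, so this needs collapsing into a single runner and a single step list before the scanner results can be trusted. Related points in the same hunk: run: rm -f nuget*.config is a Unix command while the later steps use shell: powershell with .\ paths, so the runner OS should be chosen consistently; and sonar.token is passed both through env SONAR_TOKEN and inline as /d:sonar.token="${{ secrets.SONAR_TOKEN }}" on the begin and end commands, so if the scanner version in use reads SONAR_TOKEN from the environment, drop the inline argument so the secret is not part of the command line. The missing permissions: block that CodeQL flags on this file applies to this job as well.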

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 months ago

To fix the problem, we should explicitly declare a permissions block at the appropriate scope in the workflow YAML file. Since only the default GITHUB_TOKEN is used and none of the steps require write permissions to repository contents, we can restrict the permissions to read-only for contents. This can be set at the workflow level (at the root, above jobs:) to apply to all jobs, or at the job level if different jobs require different permissions.

For this workflow in .github/workflows/dotnet.yml, the single best way to fix the problem is to add the following block after the name: section and before jobs::

permissions:
  contents: read

No additional imports or definitions are required; just this addition to the YAML structure.

Suggested changeset 1
.github/workflows/dotnet.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml
--- a/.github/workflows/dotnet.yml
+++ b/.github/workflows/dotnet.yml
@@ -7,6 +7,9 @@
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Build and analyze
EOF
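Review bot: the hunk sets contents: read at workflow scope, which is the right default, but the Build and analyze job hands GITHUB_TOKEN to the SonarQube scanner step; confirm that step needs no write scope (for example to post pull request decoration as a check or comment), and if it does, grant it through a job-level permissions: block that lists only the extra scope rather than widening the workflow default. The hunk header (-7,6 +7,9) matches the three added lines, and placing the block after the pull_request: trigger keeps it before jobs:, as the explanation above says.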
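As an added example, not part of the PR or of the Copilot suggestion: a small Python checker that mirrors the CodeQL finding above, reporting the jobs whose GITHUB_TOKEN keeps the repository's default permissions because neither the workflow nor the job declares a permissions block. The embedded workflow excerpts are constructed for the example, not the repository's dotnet.yml.

```python
import re

# Constructed excerpt of a workflow before the autofix: no permissions block anywhere.
WORKFLOW_BEFORE = """\
name: .NET
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
jobs:
  build:
    name: Build and analyze
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: dotnet build --no-restore
"""
# The same excerpt with the autofix applied (workflow-level read-only token).
WORKFLOW_AFTER = WORKFLOW_BEFORE.replace("jobs:\n", "permissions:\n  contents: read\n\njobs:\n")

# A mapping key with its indentation; "- name:" list items deliberately do not match.
KEY_RE = re.compile(r"^(\s*)([A-Za-z_][\w.-]*):")

def jobs_without_permissions(workflow_text):
    """Return the names of jobs whose GITHUB_TOKEN would keep the default
    permissions: no workflow-level block and no job-level block of their own."""
    workflow_level = False
    jobs, in_jobs = {}, False
    job_indent = child_indent = current = None
    for line in workflow_text.splitlines():
        m = KEY_RE.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:                                   # top-level key
            in_jobs, current, job_indent = key == "jobs", None, None
            workflow_level = workflow_level or key == "permissions"
        elif in_jobs and (job_indent is None or indent == job_indent):
            job_indent, child_indent, current = indent, None, key  # a new job
            jobs[current] = False                        # no block seen yet
        elif in_jobs and current is not None:
            child_indent = indent if child_indent is None else child_indent
            if indent == child_indent and key == "permissions":
                jobs[current] = True                     # job-level block found
    if workflow_level:                                   # workflow block covers every job
        return []
    return [name for name, has_block in jobs.items() if not has_block]
```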
@sonarqubecloud

sonarqubecloud bot commented Sep 3, 2025

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@jaybarden1 jaybarden1 merged commit 13e178d into main Sep 3, 2025
5 of 7 checks passed
@jaybarden1 jaybarden1 deleted the features/offline-changes branch September 3, 2025 21:44