
Conversation

@yve-android
Owner

No description provided.

@yve-android yve-android self-assigned this Jan 7, 2026
Comment on lines +12 to +47
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Code
      uses: actions/checkout@v4

    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'temurin'
        cache: gradle

    - name: Grant execute permission for gradlew
      run: chmod +x gradlew

    - name: Cache Gradle packages
      uses: actions/cache@v3
      with:
        path: |
          ~/.gradle/caches
          ~/.gradle/wrapper
        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
        restore-keys: |
          ${{ runner.os }}-gradle-

    - name: Build with Gradle
      run: ./gradlew assembleDebug --stacktrace --no-daemon

    - name: Upload APK
      uses: actions/upload-artifact@v3
      if: success()
      with:
        name: blacky-apk
        path: app/build/outputs/apk/debug/*.apk
        retention-days: 30

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 1 month ago

To fix the problem, explicitly define a permissions block so that the GITHUB_TOKEN used in this workflow has only the minimal required scope. For this workflow, the steps use actions/checkout (which needs read access to repository contents) and actions/upload-artifact (which does not require repo permissions). No write operations to the repo are present, so contents: read is sufficient.

The best way to fix this without changing functionality is to add a job-level permissions block under jobs.build, alongside runs-on. This scopes the permissions only to this job and avoids affecting any other jobs that might exist in this workflow file. Specifically, in .github/workflows/build.yml, add:

permissions:
  contents: read

directly under runs-on: ubuntu-latest (line 12), with correct indentation. No additional imports or methods are required, as this is purely a YAML configuration change.

Suggested changeset 1
.github/workflows/build.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,6 +10,8 @@
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     
     steps:
     - name: Checkout Code
EOF
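Review bot: placing `permissions:` under `jobs.build` (the two `+` lines) clears the alert for this job only; any other job in this file, or one added to it later, would still run with the repository's default GITHUB_TOKEN scope. Since `actions/checkout` and `actions/upload-artifact` are the only token consumers in this job and both are satisfied by `contents: read`, the same two lines at the top level of the workflow (next to `on:`) would be the more durable choice. The page also notes that this suggestion is now outdated and was not committed, so it is worth confirming that the merged `build.yml` actually carries a `permissions` block at all.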
Unable to commit as this autofix suggestion is now outdated
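The CodeQL alert above boils down to one rule: a job runs with the repository's default token scope unless a `permissions:` block is declared either on the job or at the top of the workflow. The following Python checker is an added example (not part of the pull request, CodeQL, or the Copilot suggestion) that reproduces that rule over block-style workflow YAML without a YAML library. It assumes the conventional layout (top-level keys at column 0, job names one level under `jobs:`, job keys one level deeper, `- ` list items at the same indent as `steps:` as in this PR's file). The four sample workflows are constructed: the first is trimmed from the PR's `build.yml` with the `jobs:`/`build:` header taken from the patch, the second applies the job-level fix, the third adds a hypothetical `lint` job to show what a job-scoped block does not cover, and the fourth uses a workflow-level block.

```python
"""Flag GitHub Actions jobs running with the default GITHUB_TOKEN scope.

Added example (not from the pull request, CodeQL or Copilot): a small
indentation-based scanner for block-style workflow YAML. It mirrors the
gist of the CodeQL "Workflow does not contain permissions" check: a job is
reported unless it has a job-level `permissions:` key or the workflow has
a top-level one. No YAML library is used so it runs offline; it assumes
the conventional layout (top-level keys at column 0, job names one level
under `jobs:`, job keys one level deeper, `- ` list items at the same
indent as `steps:` as in the PR's file).
"""


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def find_jobs_without_permissions(workflow_text: str) -> list[str]:
    """Return the names of jobs that would inherit the repository default token scope."""
    top_level_permissions = False
    in_jobs = False
    job_indent = key_indent = None
    current_job = None
    has_permissions: dict[str, bool] = {}

    for raw in workflow_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue                       # blank lines and comments
        ind = _indent(raw)
        key = text.split(":", 1)[0]
        if ind == 0:                       # top-level key
            in_jobs = key == "jobs"
            top_level_permissions |= key == "permissions"
            continue
        if not in_jobs or text.startswith("-"):
            continue                       # outside jobs:, or a list item
        if job_indent is None:
            job_indent = ind               # first job name sets the job level
        if ind == job_indent:
            current_job = key
            has_permissions[current_job] = False
            continue
        if key_indent is None:
            key_indent = ind               # first job key sets the key level
        if ind == key_indent and key == "permissions" and current_job:
            has_permissions[current_job] = True   # any explicit block counts

    if top_level_permissions:
        return []
    return [job for job, ok in has_permissions.items() if not ok]


# Constructed samples modelled on the PR's build.yml (trimmed to the steps
# that use the token). The `jobs:`/`build:` lines are assumed from the patch.
WEAK = """\
name: Build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Code
      uses: actions/checkout@v4
    - name: Upload APK
      uses: actions/upload-artifact@v3
"""

# The Copilot suggestion: a job-level block under jobs.build.
JOB_SCOPED = WEAK.replace(
    "    runs-on: ubuntu-latest\n",
    "    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n",
)

# A hypothetical second job added later to the job-scoped file: it is not
# covered by the build job's block and inherits the default token again.
TWO_JOBS = JOB_SCOPED + """\
  lint:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
"""

# Workflow-level block: one declaration covers every job, present or future.
WORKFLOW_SCOPED = "permissions:\n  contents: read\n" + TWO_JOBS


def report() -> dict[str, list[str]]:
    """Run the check over the four samples and return the flagged jobs per sample."""
    samples = {"weak": WEAK, "job_scoped": JOB_SCOPED,
               "two_jobs": TWO_JOBS, "workflow_scoped": WORKFLOW_SCOPED}
    return {name: find_jobs_without_permissions(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, flagged in report().items():
        status = "OK" if not flagged else f"missing permissions: {flagged}"
        print(f"{name:16} {status}")
```

The scanner counts any explicit `permissions:` key as satisfying the rule, including `write-all`, which matches the CodeQL alert's scope (presence of a block, not its content); reviewing what the block grants is a separate step. The `two_jobs` sample is the practical argument for the workflow-level placement: the job-level fix is correct for the file as it stands but silently stops covering the workflow as soon as another job is added.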
@yve-android yve-android merged commit f8e0045 into blacky Jan 7, 2026
4 of 10 checks passed
yve-android added a commit that referenced this pull request Jan 7, 2026
@github-project-automation github-project-automation bot moved this to Done in @blacky Jan 7, 2026