feat: refactor and cleanup#479
| name: Run Playwright Tests | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 60 | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '22' | ||
|
|
||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Install Playwright browsers | ||
| run: npm run e2e:install | ||
|
|
||
| - name: Run Playwright tests | ||
| run: npm run e2e | ||
| env: | ||
| CI: true | ||
|
|
||
| - name: Create or update test report issue | ||
| if: always() | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const fs = require('fs'); | ||
| const { repo, owner } = context.repo; | ||
| const run_id = context.runId; | ||
| const run_url = `https://github.com/${owner}/${repo}/actions/runs/${run_id}`; | ||
|
|
||
| // Generate report content | ||
| const reportContent = [ | ||
| '## Test Execution Report', | ||
| `Date: ${new Date().toISOString()}`, | ||
| `Repository: ${context.repo.owner}/${context.repo.repo}`, | ||
| `Branch: ${context.ref}`, | ||
| `Commit: ${context.sha}`, | ||
| '', | ||
| '### Test Results', | ||
| '```', | ||
| fs.readFileSync('playwright-report/test-results.txt', 'utf8'), | ||
| '```', | ||
| '', | ||
| `[View Workflow Run](${run_url})` | ||
| ].join('\n'); | ||
|
|
||
| // Determine issue title and labels based on test status | ||
| const isFailure = process.env.TEST_STATUS === 'failure'; | ||
| const title = isFailure | ||
| ? `test: Some e2e tests failed - ${new Date().toISOString()}` | ||
| : `Test Report - ${new Date().toISOString()}`; | ||
| const labels = isFailure ? ['test-failure'] : ['test-report']; | ||
|
|
||
| // Search for existing issue | ||
| const issues = await github.rest.issues.listForRepo({ | ||
| owner, | ||
| repo, | ||
| labels, | ||
| state: 'open' | ||
| }); | ||
|
|
||
| const existingIssue = issues.data.find(issue => | ||
| issue.title.includes(isFailure ? 'test: Some e2e tests failed' : 'Test Report') && | ||
| issue.body.includes(run_url) | ||
| ); | ||
|
|
||
| if (existingIssue) { | ||
| // Update existing issue | ||
| await github.rest.issues.update({ | ||
| owner, | ||
| repo, | ||
| issue_number: existingIssue.number, | ||
| title, | ||
| body: reportContent | ||
| }); | ||
| } else { | ||
| // Create new issue | ||
| await github.rest.issues.create({ | ||
| owner, | ||
| repo, | ||
| title, | ||
| body: reportContent, | ||
| labels | ||
| }); | ||
| } |
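Review bot: The report step copies the whole of `playwright-report/test-results.txt` into the issue body with no existence check, size cap or scrubbing (the `fs.readFileSync` call inside `reportContent`). Because the step runs under `if: always()`, a failure before the reporter writes that file makes `readFileSync` throw, so no issue is filed for the runs that most need one. Anything the tests print (tokens, cookies, environment values) is also published to everyone who can read the repository's issues. Read the file defensively, for example `const results = fs.existsSync(p) ? fs.readFileSync(p, 'utf8').slice(-60000) : '(no test-results.txt produced)';` with `p` the report path, and confirm the reporter output cannot carry secrets before posting it. Separately, no `env:` on this step sets `TEST_STATUS` in the quoted lines, and the job and workflow header lie outside them, so unless it is defined there `isFailure` is always false and failed runs are labelled `test-report`.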
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 7 months ago
To resolve this issue, you should add an explicit permissions block to the workflow, restricting the GITHUB_TOKEN permissions to only those necessary. In this specific workflow, most steps only require contents: read to check out code, but step 35 ("Create or update test report issue") performs write actions on the GitHub issues resource, requiring issues: write. Therefore, add the following block either at the root of the workflow (to apply to all jobs where not overridden) or within the test job (to restrict just that job):
permissions:
  contents: read
  issues: write
This change should be made by adding the above permissions block directly below the name key and before the on key, to apply it to the whole workflow as recommended.
| @@ -1,4 +1,7 @@ | ||
| name: Scheduled Playwright Tests | ||
| permissions: | ||
| contents: read | ||
| issues: write | ||
|
|
||
| on: | ||
| schedule: |
Pull Request
Description
Related Issues
Changes Made
Screenshots (if applicable)
Checklist
ManualTestingProcess.md, and all tests related to this pull request pass.
Additional Notes