test No install #134
test No install #134
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| - name: Checkout SupportScripts | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| repository: SpiNNakerManchester/SupportScripts | ||
| path: support | ||
|
|
||
| - name: Install Ubuntu packages | ||
| uses: SpiNNakerManchester/SupportScripts/actions/apt-get-install@main | ||
| with: | ||
| packages: doxygen gcc-arm-none-eabi | ||
| - name: Configure Python 3.12 | ||
| # Note: Python is needed for spinn_utilities.make_tools when building | ||
| uses: actions/setup-python@v2 | ||
| with: | ||
| python-version: 3.12 | ||
|
|
||
| - name: Checkout SpiNNaker C Dependencies | ||
| uses: SpiNNakerManchester/SupportScripts/actions/install-spinn-deps@main | ||
| with: | ||
| # Note: SpiNNUtils needed for spinn_utilities.make_tools | ||
| repositories: > | ||
| spinnaker_tools spinn_common SpiNNFrontEndCommon sPyNNaker | ||
|
|
||
| - name: "Prepare: Install SpiNNUtils" | ||
| uses: SpiNNakerManchester/SupportScripts/actions/install-spinn-deps@main | ||
| with: | ||
| # Note: SpiNNUtils needed for spinn_utilities.make_tools | ||
| repositories: SpiNNUtils | ||
| install: true | ||
|
|
||
| - name: Build SpiNNaker C code | ||
| env: | ||
| SPINN_INSTALL_DIR: ${{ github.workspace }}/spinnaker_tools_install | ||
| SPINN_COMMON_INSTALL_DIR: ${{ github.workspace }}/spinn_common_install | ||
| FEC_INSTALL_DIR: ${{ github.workspace }}/fec_install | ||
| SPYNNAKER_INSTALL_DIR: ${{ github.workspace }}/spynnaker_install | ||
| CFLAGS: -fdiagnostics-color=always | ||
| run: | | ||
| make -C spinnaker_tools install | ||
| make -C spinn_common install | ||
| make -C SpiNNFrontEndCommon/c_common install | ||
| make -C sPyNNaker/neural_modelling install | ||
|
|
||
| - name: Build SpiNNaker C code globally | ||
| env: | ||
| CFLAGS: -fdiagnostics-color=always | ||
| run: | | ||
| make -C spinnaker_tools | ||
| make -C spinn_common | ||
| make -C SpiNNFrontEndCommon/c_common | ||
| make -C sPyNNaker/neural_modelling |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 days ago
In general, to fix this class of issue you add an explicit permissions block either at the workflow root (to apply to all jobs by default) or inside each job (to scope per job). You then restrict GITHUB_TOKEN to the least privileges needed, often contents: read for simple CI workflows that only need to clone the repo.
For this specific workflow, the steps only check out code, install dependencies, and run build commands. None of them appear to require write access to repository contents or other GitHub resources. The simplest, least intrusive fix is to add a workflow‑level permissions block right after the name: or on: key, with contents: read. This will apply to the build job and any future jobs unless they override it. Concretely, in .github/workflows/c_actions.yml, add:
permissions:
contents: readbetween the name: C Actions and on: [push] lines (or between on: and jobs:; both are valid, but placing it near the top is conventional). No additional methods, imports, or definitions are required because this is a YAML configuration change only.
| @@ -16,6 +16,8 @@ | ||
| # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions | ||
|
|
||
| name: C Actions | ||
| permissions: | ||
| contents: read | ||
| on: [push] | ||
| jobs: | ||
| build: |
rowleya
left a comment
rowleya
left a comment
There was a problem hiding this comment.
Arguably PyNNExamples doesn't need this, but if it is useful to test, there is no harm!
a test for SpiNNakerManchester/spinnaker_tools#201
This is needed as all other repositories do not have the code in parallel.
TODO actually run the compiled code