Feature/dcm test #21
base: develop
| name: Execute unit tests in dcm-agent GTest suite | ||
| runs-on: ubuntu-latest | ||
| container: | ||
| image: ghcr.io/rdkcentral/docker-rdk-ci:latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Run unit tests | ||
| run: sh unit_test.sh | ||
|
|
||
| - name: Upload test results to automatic test result management system | ||
| if: github.repository_owner == 'rdkcentral' | ||
| run: | | ||
| git config --global --add safe.directory `pwd` | ||
| gtest-json-result-push.py /tmp/Gtest_Report https://rdkeorchestrationservice.apps.cloud.comcast.net/rdke_orchestration_api/push_unit_test_results `pwd` |
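Review bot: The `image: ghcr.io/rdkcentral/docker-rdk-ci:latest` and `uses: actions/checkout@v3` lines both reference mutable tags, so the code that ends up running `sh unit_test.sh` can change without any change in this repository; pin the image by digest and the action by full commit SHA. In the upload step, the guard `github.repository_owner == 'rdkcentral'` is still true for pull requests opened from forks against this repository, so reports produced by unreviewed code are pushed to the external endpoint; if that is not intended, also require that the pull request head comes from this repository.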
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 4 months ago
To fix the problem, the workflow YAML should be amended to explicitly specify the required permissions by adding a permissions block. The block can be placed at the root level (recommended, for future jobs) or directly inside the individual job. The minimal starting permissions should be contents: read, which allows the workflow only to read repository contents. There is no evidence that write permissions or other scopes (such as pull-requests: write) are needed for any step in the provided workflow.
Change required: In .github/workflows/L1-Test.yml, add the following beneath the workflow name near the top of the file:
```yaml
permissions:
  contents: read
```
This change limits the default permissions available to the workflow and its jobs. No changes to imports, dependencies, secret/environment variable handling, or any step definition are needed.
| @@ -1,4 +1,6 @@ | ||
| name: Unit tests dcm-agent | ||
| permissions: | ||
| contents: read | ||
| on: | ||
| pull_request: | ||
| branches: [ develop, main ] |
| name: Test coverage report for release | ||
| runs-on: ubuntu-latest | ||
| container: | ||
| image: ghcr.io/rdkcentral/docker-rdk-ci:latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Run unit tests with coverage flags enabled | ||
| run: | | ||
| sh unit_test.sh --enable-cov | ||
| - name: Caculate the code coverage summary | ||
| run: | | ||
| cd ./unittest | ||
| lcov --list coverage.info | grep "Lines\|Total" > /tmp/coverage_summary.txt | ||
| cd - | ||
|
|
||
| - name: Update the coverage report to Pull request using actions | ||
| uses: actions/github-script@v4 | ||
| with: | ||
| script: | | ||
| const fs = require('fs'); | ||
| const lcov_result = fs.readFileSync('/tmp/coverage_summary.txt', 'utf8'); | ||
|
|
||
| github.issues.createComment({ | ||
| issue_number: context.issue.number, | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| body: | ||
| '## Code Coverage Summary \n' + | ||
| ' ' + | ||
| '```' + | ||
| lcov_result + | ||
| '```' | ||
| }); | ||
| - name: Generate the html report | ||
| run: | | ||
| cd ./unittest | ||
| genhtml coverage.info --output-directory /tmp/coverage_report | ||
| cd - | ||
| - name: Upload the coverage report to Pull request using actions | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: coverage-report | ||
| path: /tmp/coverage_report |
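Review bot: In the `createComment` body, the opening '```' is concatenated directly with `lcov_result`, so the first line of the lcov summary lands on the fence line and is read as the fence's info string instead of being displayed; add a '\n' after the opening fence and make sure the summary ends with a newline before the closing one. `actions/github-script@v4` is an old major version, and on current releases the call is `github.rest.issues.createComment`, so the script needs that rename when the action is updated. The step name `Caculate the code coverage summary` should read `Calculate`.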
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 4 months ago
To fix the problem, we need to add a permissions block to the workflow. This permissions block should be at the top level, underneath the workflow name, or inside the affected job. In this case, since only the execute-unit-code-coverage-report-on-release job is present, we may add it either globally or inside that job. For clarity and extensibility, it is recommended to add it at the top level of the workflow. The required minimum permissions for this workflow are:
- `contents: read` (for checking out code)
- `issues: write` (to post results as comments on the PR via `github.issues.createComment`)
No other permissions are required. The edit should be made directly to the .github/workflows/code-coverage.yml file, immediately after the name field (i.e., after line 1). No imports or variable definitions are needed; simply add the block in the YAML file.
| @@ -1,4 +1,7 @@ | ||
| name: Code Coverage | ||
| permissions: | ||
| contents: read | ||
| issues: write | ||
|
|
||
| on: | ||
| pull_request: |
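Review bot: `issues: write` may not be the scope this workflow needs: it triggers on `pull_request` and the coverage comment is posted to a pull request, which for the workflow token is normally governed by `pull-requests: write`. Confirm the comment step still succeeds with this block, and if it fails with a permission error, replace or supplement `issues: write` with `pull-requests: write`.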
No description provided.
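The CodeQL finding raised on both workflows can be checked locally before pushing. The following is an added example, not code from this repository or from CodeQL: a line-based heuristic (no YAML parser) that lists jobs covered by neither a workflow-level nor a job-level `permissions` block. The job ids and sample workflows are constructed for illustration.

```python
import re

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")   # "<indent>key:" lines only

def jobs_without_permissions(workflow_text):
    """Return job ids that would run with the repository's default token scopes."""
    missing, current = [], None
    in_jobs = False
    job_indent = key_indent = None
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue                       # list items, comments, script bodies
        indent, name = len(m.group(1)), m.group(2)
        if indent == 0:
            if name == "permissions":
                return []                  # workflow-level block covers every job
            in_jobs = name == "jobs"
            job_indent = None
            continue
        if not in_jobs:
            continue
        if job_indent is None:
            job_indent = indent            # indentation of the first job id
        if indent == job_indent:           # a new job starts here
            current, key_indent = name, None
            missing.append(name)
        elif indent > job_indent:
            if key_indent is None:
                key_indent = indent        # indentation of the job's own keys
            if indent == key_indent and name == "permissions" and current in missing:
                missing.remove(current)
    return missing

# Constructed samples modelled on the workflows in this PR (job ids are hypothetical).
UNPATCHED = """\
name: Unit tests dcm-agent
on:
  pull_request:
    branches: [ develop, main ]
jobs:
  unit-tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
"""
# Same workflow with the block from the autofix suggestion inserted under the name.
PATCHED = UNPATCHED.replace("on:\n", "permissions:\n  contents: read\non:\n", 1)
PER_JOB = ("name: Example\non: pull_request\njobs:\n"
           "  unit-tests:\n    permissions:\n      contents: read\n"
           "    runs-on: ubuntu-latest\n  coverage:\n    runs-on: ubuntu-latest\n")
```
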