chore: Adjust build process #1444

Merged: lukaszsocha2 merged 20 commits into combined-sdk from fix-build on Sep 29, 2025

@lukaszsocha2
Contributor

No description provided.

lukaszsocha2 changed the base branch from main to combined-sdk on September 26, 2025 12:08
Comment on lines +9 to +39
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.DISPATCH_ACCESS_TOKEN }}

- name: Set up Git
run: |
git config --global user.name 'box-sdk-build'
git config --global user.email '[email protected]'

- name: Fetch all branches and tags
run: git fetch --prune --unshallow

- name: Auto update pull requests
run: |
PR_LIST=$(curl -s -H "Authorization: Bearer ${{ secrets.DISPATCH_ACCESS_TOKEN }}" "https://api.github.com/repos/$GITHUB_REPOSITORY/pulls?state=open" | jq -r '.[] | .head.ref')
for pr_branch in $PR_LIST; do
git checkout "$pr_branch"
if git merge origin/combined-sdk; then
git push
else
# Conflict occurred, resolve by keeping our changes
git checkout --ours .
git add .
git commit -m "Auto resolve conflict by keeping our changes"
git push
fi
done
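
Review bot: The conflict fallback in the `else` branch of "Auto update pull requests" runs `git checkout --ours .`, commits and pushes, so for every conflicting file the PR branch keeps its own side and drops the `origin/combined-sdk` side without anyone reviewing the result, and the push is made with `secrets.DISPATCH_ACCESS_TOKEN`. Prefer `git merge --abort` on conflict and leave the branch for its author to resolve. In the same step, `${{ secrets.DISPATCH_ACCESS_TOKEN }}` is expanded directly into the script text for `curl`; pass it through the step's `env:` and reference it as a shell variable instead. The `pulls?state=open` request also reads only the first page of results, so open PRs beyond that page are never updated.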

Check warning

Code scanning / CodeQL

Workflow does not contain permissions (Medium)

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 7 months ago

To fix the issue, add a permissions block to the workflow (either at the root or at the job level). This block limits the GITHUB_TOKEN permissions during the run, following least privilege. Based on the workflow's actions, it needs to be able to "read" repository contents and "write" to pull requests (since it updates PR branches and could interact with them or post commits). This matches the recommended minimal permissions for automation updating pull requests. You should add:

permissions:
  contents: read
  pull-requests: write

immediately after the workflow `name:` and before `on:`, which will apply to the whole workflow. No further code changes are needed, as this only modifies the workflow permissions.


Suggested changeset 1
.github/workflows/autoupdate-pr.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/autoupdate-pr.yml b/.github/workflows/autoupdate-pr.yml
--- a/.github/workflows/autoupdate-pr.yml
+++ b/.github/workflows/autoupdate-pr.yml
@@ -1,4 +1,7 @@
 name: Autoupdate PR
+permissions:
+  contents: read
+  pull-requests: write
 on:
   push:
     branches:
EOF
@@ -1,4 +1,7 @@
name: Autoupdate PR
permissions:
contents: read
pull-requests: write
on:
push:
branches:
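
Review bot: `pull-requests: write` in the added `permissions:` block is not used by anything shown in this workflow: the checkout step and the `curl` call both authenticate with `secrets.DISPATCH_ACCESS_TOKEN`, and this block only scopes `GITHUB_TOKEN`. Keep `contents: read` alone, the minimum the CodeQL alert suggests, so the unused token stays read-only, and apply least privilege where the access actually lives by restricting the scopes and repositories of `DISPATCH_ACCESS_TOKEN` itself.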
lukaszsocha2 changed the title from "chore: Fix build" to "chore: Adjust build process" on Sep 26, 2025
lukaszsocha2 merged commit e854db1 into combined-sdk on Sep 29, 2025
14 checks passed
lukaszsocha2 deleted the fix-build branch on September 29, 2025 14:13