ci: Implement sync to internal resources #53
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Lewluu
force-pushed
the
52-add-sync-trigger
branch
from
de03014 to
d32c740
Compare
Lewluu
force-pushed
the
52-add-sync-trigger
branch
from
d32c740 to
d63703f
Compare
Signed-off-by: Iuliu-Antoniu Popovici <[email protected]>
Lewluu
force-pushed
the
52-add-sync-trigger
branch
from
d63703f to
c609035
Compare
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Trigger sync | ||
| shell: sh | ||
| run: | | ||
| echo "Sync signal sent!" | ||
|
|
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 4 days ago
The best way to fix this problem is to explicitly add a permissions key to the workflow, either at the root or for the specific job. Since this workflow appears to only run a shell that echoes a message and does not interact with the repository in any way, it is safe and desirable to set the permissions to the minimal possible setting, which is contents: read. This can be set at the workflow root, applying to all jobs. The change involves inserting the following block near the top level of the YAML file, immediately after the name and description blocks, and before on::
permissions:
contents: readNo imports or other definitions are required. The only required action is to update the YAML file to add this configuration block.
| @@ -3,6 +3,9 @@ | ||
| description: | ||
| 'Trigger external sync workflow.' | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| pull_request: |
Implement workflow to trigger build from internal resources.
The file added is the convention for the trigger to be detected.