From 0fb6eb54802a4f80276989310cf4a5d454b7d2b8 Mon Sep 17 00:00:00 2001
From: Vera Kahn <verakahn@nypl.org>
Date: Thu, 9 Apr 2026 16:37:09 -0400
Subject: [PATCH 1/2] extract tests

---
 .../{test-and-deploy.yml => deploy.yml}         | 17 ++++-------------
 .github/workflows/integration-tests.yml         |  2 +-
 .github/workflows/test.yml                      | 17 +++++++++++++++++
 3 files changed, 22 insertions(+), 14 deletions(-)
 rename .github/workflows/{test-and-deploy.yml => deploy.yml} (87%)
 create mode 100644 .github/workflows/test.yml

diff --git a/.github/workflows/test-and-deploy.yml b/.github/workflows/deploy.yml
similarity index 87%
rename from .github/workflows/test-and-deploy.yml
rename to .github/workflows/deploy.yml
index a179ba4b..b955de12 100644
--- a/.github/workflows/test-and-deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,4 +1,4 @@
-name: Unit Tests
+name: Deploy
 
 on: [push]
 
@@ -8,18 +8,9 @@ env:
   ECR_REPOSITORY: discovery-api
 
 jobs:
-  tests:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set Node version
-        uses: actions/setup-node@v3
-        with:
-          node-version-file: '.nvmrc'
-      - name: npm install
-        run: npm ci
-      - name: Unit Tests
-        run: npm test
+  run_tests:
+    name: Run Tests
+    uses: ./.github/workflows/tests.yml
 
   deploy:
     permissions:
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index 75205de5..49dd97e0 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -2,7 +2,7 @@ name: Run Smoke Tests
 
 on:
   workflow_run:
-    workflows: ["Unit tests / deploy"]
+    workflows: ["Deploy"]
     types:
       - completed
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000..35a09108
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,17 @@
+name: Unit Tests
+
+on: [push]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set Node version
+        uses: actions/setup-node@v3
+        with:
+          node-version-file: '.nvmrc'
+      - name: npm install
+        run: npm ci
+      - name: Unit Tests
+        run: npm test
\ No newline at end of file

From 7bfc73ae440496aeecdbe35efe772ca5ca017634 Mon Sep 17 00:00:00 2001
From: Vera Kahn <86011349+charmingduchess@users.noreply.github.com>
Date: Thu, 9 Apr 2026 16:40:42 -0400
Subject: [PATCH 2/2] Potential fix for pull request finding 'CodeQL / Workflow
 does not contain permissions'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/test.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 35a09108..74d1e6ef 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,6 +2,9 @@ name: Unit Tests
 
 on: [push]
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     runs-on: ubuntu-latest