refactor: replace asyncapi-validator with custom AsyncApiValidator #110
Changes from all commits
f42f002
8ca3275
b9b8132
48de030
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: API spec validation | ||
| on: | ||
| workflow_dispatch: | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - "api/source/specification/**" | ||
| - ".github/workflows/api-spec-validation.yml" | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - "api/source/specification/**" | ||
| - ".github/workflows/api-spec-validation.yml" | ||
|
|
||
| jobs: | ||
| validate_asyncapi: | ||
| name: Validate AsyncAPI specs | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: lts/* | ||
| - name: Validate log-socket.yaml | ||
| run: npx --yes @asyncapi/cli@2 validate api/source/specification/log-socket.yaml | ||
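
Review bot: The `Validate log-socket.yaml` step runs `npx --yes @asyncapi/cli@2 validate ...`, which downloads and executes whatever 2.x release is current at run time, with no committed lockfile, so the validator can change between runs without any commit in this repository. Pin an exact version, or add the CLI as a devDependency with a lockfile and install it with `npm ci`, as the unit-test workflow does for its own dependencies. `actions/checkout@v4`, `actions/setup-node@v4` and `node-version: lts/*` are also floating references; pinning the two actions to a full commit SHA would make the run reproducible. The workflow also has no `permissions:` key between `on:` and `jobs:`; a top-level `permissions:` with `contents: read` is enough for checkout and validation.
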
| Original file line number | Diff line number | Diff line change | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,36 @@ | |||||||||||||||||||||||
| name: Unit tests | |||||||||||||||||||||||
| on: | |||||||||||||||||||||||
| workflow_dispatch: | |||||||||||||||||||||||
| pull_request: | |||||||||||||||||||||||
| branches: | |||||||||||||||||||||||
| - main | |||||||||||||||||||||||
| paths: | |||||||||||||||||||||||
| - "api/source/**" | |||||||||||||||||||||||
| - "test/unit/**" | |||||||||||||||||||||||
| - ".github/workflows/unit-tests.yml" | |||||||||||||||||||||||
| push: | |||||||||||||||||||||||
| branches: | |||||||||||||||||||||||
| - main | |||||||||||||||||||||||
| paths: | |||||||||||||||||||||||
| - "api/source/**" | |||||||||||||||||||||||
| - "test/unit/**" | |||||||||||||||||||||||
| - ".github/workflows/unit-tests.yml" | |||||||||||||||||||||||
|
|
|||||||||||||||||||||||
| jobs: | |||||||||||||||||||||||
| unit-tests: | |||||||||||||||||||||||
| name: Run unit tests | |||||||||||||||||||||||
| runs-on: ubuntu-latest | |||||||||||||||||||||||
| steps: | |||||||||||||||||||||||
| - uses: actions/checkout@v4 | |||||||||||||||||||||||
| - uses: actions/setup-node@v4 | |||||||||||||||||||||||
| with: | |||||||||||||||||||||||
| node-version: lts/* | |||||||||||||||||||||||
| - name: Install API dependencies | |||||||||||||||||||||||
| run: npm ci | |||||||||||||||||||||||
| working-directory: ./api/source/ | |||||||||||||||||||||||
| - name: Install test dependencies | |||||||||||||||||||||||
| run: npm ci | |||||||||||||||||||||||
| working-directory: ./test/unit/ | |||||||||||||||||||||||
| - name: Run unit tests | |||||||||||||||||||||||
| working-directory: ./test/unit/ | |||||||||||||||||||||||
| run: npm test | |||||||||||||||||||||||
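
Review bot: Nothing between `on:` and `jobs:` sets `permissions:`, so `unit-tests` runs with the repository's default GITHUB_TOKEN scope while both `npm ci` steps and `npm test` execute install scripts and test code from the checked-out ref, including pull request branches. Add a top-level `permissions:` with `contents: read`, and consider `persist-credentials: false` under `actions/checkout@v4` so the token is not left in the local git config while those steps run. If neither package tree needs lifecycle scripts, `npm ci --ignore-scripts` narrows what the install steps can execute.
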
|
Comment on lines +21 to +36
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
Copilot Autofix
AI 2 months ago
In general, the fix is to explicitly declare a
The best way to fix this without changing functionality is to add a root-level permissions:
contents: read
This is sufficient because
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 2 months ago
In general, the fix is to add an explicit `permissions` block limiting the `GITHUB_TOKEN` to the least privileges needed. This workflow only checks out contents and runs a validation command; it does not write to the repo, issues, or pull requests. Therefore, `contents: read` (and nothing else) is sufficient.

The best minimal change without altering existing behavior is to add a `permissions` section at the workflow root (top level, alongside `name` and `on`). This will apply to all jobs, including `validate_asyncapi`, and avoids repeating the block per job. Concretely, in `.github/workflows/api-spec-validation.yml`, insert:

between the existing `on:` block (ending at current line 15) and the `jobs:` key (current line 17). No additional imports or methods are needed; this is pure YAML configuration for GitHub Actions.