Skip to content

Version 2.1.0 with support for Shapeshifer 3.1.0#20

Merged
stan-janssen merged 7 commits intomainfrom
v2.1.0
Oct 7, 2025
Merged

Version 2.1.0 with support for Shapeshifer 3.1.0#20
stan-janssen merged 7 commits intomainfrom
v2.1.0

Conversation

@stan-janssen
Copy link
Collaborator

@stan-janssen stan-janssen commented Oct 7, 2025

This version adds support for the upcoming Shapeshifter 3.1.0, as requested in #19.

@stan-janssen stan-janssen force-pushed the v2.1.0 branch 3 times, most recently from fe0c34d to 3737341 Compare October 7, 2025 07:56
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 7, 2025
View reviewed changes
@stan-janssen stan-janssen force-pushed the v2.1.0 branch 9 times, most recently from 318aa7c to b1ad9fa Compare October 7, 2025 08:09
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 7, 2025
View reviewed changes
.github/workflows/test.yml
Comment on lines +9 to +25
name: python
runs-on: ubuntu-latest
strategy:
matrix:
python-version:
- "3.11"
- "3.12"
- "3.13"
steps:
- name: Checkout Source
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install .
pip install .[dev]
- name: Run Tests
run: |
pip install pytest pytest-cov
pytest No newline at end of file
- uses: actions/checkout@v5
- name: Install uv and set the Python version
uses: astral-sh/setup-uv@v6
with:
python-version: ${{ matrix.python-version }}
- name: Install the project
run: uv sync --locked --all-extras --dev
- name: Run tests

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium test

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 5 months ago

To fix this problem, you should explicitly set the least privileges needed by the workflow job. In this specific workflow, the job only needs to check out the code and install dependencies to run tests; it does not need write access. Thus, adding a permissions block at the job level (inside python-test:) or at the workflow root (top-level, for all jobs) with contents: read suffices. Since there is currently only one job, either location is fine, but including it at the job level gives you flexibility for future jobs.

Edit the .github/workflows/test.yml file:
Add the following keys within the python-test: job, just after runs-on: ubuntu-latest (e.g., after line 10):

permissions:
  contents: read

No new methods, imports, or definitions are required since this is a YAML workflow configuration.

Suggested changeset 1
.github/workflows/test.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,6 +8,8 @@
   python-test:
     name: python
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     strategy:
       matrix:
         python-version:
EOF
@@ -8,6 +8,8 @@
python-test:
name: python
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
python-version:
Copilot is powered by AI and may make mistakes. Always verify output.
@stan-janssen stan-janssen merged commit a21fa33 into main Oct 7, 2025
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stan-janssen