Potential fix for code scanning alert no. 1818: Workflow does not contain permissions #2189
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lighthouse Report | |
| on: | |
| pull_request_target: | |
| branches: | |
| - main | |
| - codeharborhub-v** | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| lighthouse-report: | |
| permissions: | |
| pull-requests: write # for marocchino/sticky-pull-request-comment | |
| name: Lighthouse Report | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Use Node.js | |
| uses: actions/[email protected] | |
| with: | |
| node-version: 20 | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build website | |
| run: npm run build | |
| - name: Audit URLs using Lighthouse | |
| id: lighthouse_audit | |
| uses: treosh/[email protected] | |
| with: | |
| urls: | | |
| http://localhost:3000 | |
| http://localhost:3000/docs | |
| http://localhost:3000/courses | |
| http://localhost:3000/showcase | |
| http://localhost:3000/community | |
| configPath: ./.github/workflows/lighthouserc.json | |
| uploadArtifacts: true | |
| temporaryPublicStorage: true | |
| - name: Format lighthouse score | |
| id: format_lighthouse_score | |
| uses: actions/[email protected] | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const results = ${{ steps.lighthouse_audit.outputs.manifest }} | |
| const links = ${{ steps.lighthouse_audit.outputs.links }} | |
| const createLighthouseReport = (await import(`${process.env.GITHUB_WORKSPACE}/admin/scripts/formatLighthouseReport.js`)).default; | |
| const comment = createLighthouseReport({ results, links }); | |
| core.setOutput("comment", comment); | |
| - name: Add Lighthouse stats as comment | |
| id: comment_to_pr | |
| uses: marocchino/[email protected] | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| number: ${{ github.event.pull_request.number }} | |
| header: lighthouse | |
| message: ${{ steps.format_lighthouse_score.outputs.comment }} |