Split CI workflow into separate build and test jobs #191
Conversation
- Separate build and test into distinct GitHub Actions jobs - Test job depends on build job completion - Provides better visibility into CI pipeline status - Enables faster feedback on build vs test failures
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
.github/workflows/dotnet.yml
Outdated
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| - name: Setup .NET | ||
| uses: actions/setup-dotnet@v4 | ||
| with: | ||
| dotnet-version: | | ||
| 6.0.x | ||
| 8.0.x | ||
| - name: Restore dependencies | ||
| run: dotnet restore | ||
| - name: Build | ||
| run: dotnet build --no-restore | ||
|
|
||
| test: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 months ago
The fix is to explicitly specify the permissions key for this workflow to restrict the GITHUB_TOKEN permission set according to the principle of least privilege. Since the jobs only perform build and test operations and do not interact with issues, pull requests, or write to the repository, the minimal required permission is contents: read. To ensure that all jobs inherit these settings (unless overridden), add the permissions: block at the root of the workflow, directly under the name (ideally after on:). No other changes, imports, definitions, or logic are needed, as this change is entirely a declarative addition to the workflow YAML.
| @@ -5,6 +5,9 @@ | ||
| branches: [ master ] | ||
| pull_request: | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| build-only: | ||
| runs-on: ubuntu-latest |
Summary
needs: build)Benefits
Test plan