Skip to content

🔄 Synced file(s) with ottrproject/OTTR_Template #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

🔄 Synced file(s) with ottrproject/OTTR_Template #39

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8f0497f
🔄 Synced local '.github/workflows/' with remote '.github/workflows/'
Jun 6, 2025
3516399
🔄 Synced local 'assets/style.css' with remote 'assets/style.css'
Jun 6, 2025
71f7f43
🔄 Created local 'assets/style_config_default.css' from remote 'assets…
Jun 6, 2025
f763856
🔄 Synced local 'config_automation.yml' with remote 'config_automation…
Jun 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
121 changes: 121 additions & 0 deletions .github/workflows/check-url-2.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
name: Periodic URL Check 2


on:
workflow_dispatch:
schedule:
- cron: '0 0 1 * *'

jobs:
set-up:
name: Load user automation choices
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

# Use the yaml-env-action action.
- name: Load environment from YAML
uses: doughepi/[email protected]
with:
files: config_automation.yml # Pass a space-separated list of configuration files. Rightmost files take precedence.
outputs:
toggle_url_check_periodically: "${{ env.URL_CHECK_PERIODICALLY }}"

url-check:
Comment on lines +11 to +27

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 1 day ago

To fix the issue, we need to explicitly define the permissions for the workflow. The permissions block should be added at the root level of the workflow file to apply to all jobs unless overridden. Based on the workflow's operations, the following permissions are required:

  • contents: write for committing and pushing changes to the repository.
  • actions: read for interacting with GitHub Actions artifacts.
  • Other permissions are not required based on the workflow's functionality.

The permissions block will be added at the top of the workflow file, ensuring that the GITHUB_TOKEN has only the necessary permissions.

Suggested changeset 1
.github/workflows/check-url-2.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/check-url-2.yml b/.github/workflows/check-url-2.yml
--- a/.github/workflows/check-url-2.yml
+++ b/.github/workflows/check-url-2.yml
@@ -2,2 +2,5 @@
 
+permissions:
+  contents: write
+  actions: read
 
EOF
@@ -2,2 +2,5 @@

permissions:
contents: write
actions: read

Copilot is powered by AI and may make mistakes. Always verify output.
name: Check URLs
needs: set-up
if: ${{needs.set-up.outputs.toggle_url_check_periodically == 'true'}}
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

# Delete the branch if this has been run before
- name: Delete branch locally and remotely
run: git push origin --delete preview-spell-error || echo "No branch to delete"

# Make the branch fresh
- name: Make the branch fresh
run: |
git config --global --add safe.directory $GITHUB_WORKSPACE
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'

echo branch doesnt exist
git checkout -b preview-spell-error || echo branch exists
git push --set-upstream origin preview-spell-error || echo echo branch exists remotely
shell: bash

- name: Run the check
uses: ottrproject/ottr-reports@main
id: check_results
continue-on-error: true
with:
check_spelling: false
spelling_error_min: 1
check_urls: true
url_error_min: 1
check_quiz_form: false
quiz_error_min: 1
sort_dictionary: false

- name: Declare file path and time
id: check-report
run: |
error_num=$(cat check_reports/url_checks.tsv | wc -l)
error_num="$((error_num-1))"
echo "error_num=$error_num" >> $GITHUB_OUTPUT
echo "error_url=https://github.com/${GITHUB_REPOSITORY}/blob/preview-spell-error/check_reports/url_checks.tsv" >> $GITHUB_OUTPUT
shell: bash

- name: Stop if failure
if: steps.check_results.outcome == 'failure'
run: exit 1

- name: Print out error variables
run: |
echo ${{ steps.check-report.outputs.error_url }}
echo ${{ steps.check-report.outputs.error_num }}

# Commit file
- name: Commit tocless bookdown files
if: ${{ steps.check-report.outputs.error_num >= 1 }}
env:
GH_PAT: ${{ secrets.GH_PAT }}
run: |
git add --force check_reports/url_checks.tsv
git commit -m 'Add spell check file' || echo "No changes to commit"
git push --set-upstream origin preview-spell-error || echo echo branch exists remotely

- name: Find issues
id: find-issue
env:
GH_PAT: ${{ secrets.GH_PAT }}
run: |
echo "$GITHUB_REPOSITORY"
curl -o find_issue.R https://raw.githubusercontent.com/ottrproject/ottr-reports/main/scripts/find_issue.R
issue_exists=$(Rscript --vanilla find_issue.R --repo $GITHUB_REPOSITORY --git_pat $GH_PAT)
echo URL issue exists: $issue_exists
echo "issue_existence=$issue_exists" >> $GITHUB_OUTPUT

- name: If too many URL errors, then make an issue
if: ${{ steps.check-report.outputs.error_num >= 1 && steps.find-issue.outputs.issue_existence == 0}}
uses: JasonEtco/create-an-issue@v2
with:
filename: .github/ISSUE_TEMPLATE/url-error.md
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
FILE_URL: ${{ steps.check-report.outputs.error_url }}
ERROR_NUM: ${{ steps.check-report.outputs.error_num }}

- name: If no URL errors than delete the branch we made
if: ${{ steps.check-report.outputs.error_num < 1 }}
run: |
git config --system --add safe.directory "$GITHUB_WORKSPACE"
git push origin --delete preview-spell-error || echo "No branch to delete"
Comment on lines +28 to +121

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 1 day ago

To fix the issue, we need to add a permissions block to the url-check job to explicitly define the required permissions for the GITHUB_TOKEN. Based on the actions performed in the job, the following permissions are necessary:

  • contents: write for pushing branches and committing files.
  • issues: write for creating issues.

The permissions block should be added at the job level to limit the scope of these permissions to the url-check job only.

Suggested changeset 1
.github/workflows/check-url-2.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/check-url-2.yml b/.github/workflows/check-url-2.yml
--- a/.github/workflows/check-url-2.yml
+++ b/.github/workflows/check-url-2.yml
@@ -31,2 +31,5 @@
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
 
EOF
@@ -31,2 +31,5 @@
runs-on: ubuntu-latest
permissions:
contents: write
issues: write

Copilot is powered by AI and may make mistakes. Always verify output.
25 changes: 20 additions & 5 deletions .github/workflows/check-url.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
url-check:
name: Check URLs
needs: set-up
if: ${{needs.set-up.outputs.toggle_url_check_periodically == 'yes'}}
if: ${{needs.set-up.outputs.toggle_url_check_periodically == 'true'}}
runs-on: ubuntu-latest
container:
image: jhudsl/base_ottr:main
Expand Down Expand Up @@ -54,12 +54,17 @@ jobs:
shell: bash

- name: Run the check
uses: jhudsl/ottr-reports@main
uses: ottrproject/ottr-reports@main
id: check_results
continue-on-error: true
with:
check_type: urls
error_min: 1
check_spelling: false
spelling_error_min: 1
check_urls: true
url_error_min: 1
check_quiz_form: false
quiz_error_min: 1
sort_dictionary: false

- name: Declare file path and time
id: check-report
Expand All @@ -79,13 +84,23 @@ jobs:
echo ${{ steps.check-report.outputs.error_url }}
echo ${{ steps.check-report.outputs.error_num }}

# Commit file
- name: Commit tocless bookdown files
if: ${{ steps.check-report.outputs.error_num >= 1 }}
env:
GH_PAT: ${{ secrets.GH_PAT }}
run: |
git add --force check_reports/url_checks.tsv
git commit -m 'Add spell check file' || echo "No changes to commit"
git push --set-upstream origin preview-spell-error || echo echo branch exists remotely

- name: Find issues
id: find-issue
env:
GH_PAT: ${{ secrets.GH_PAT }}
run: |
echo "$GITHUB_REPOSITORY"
curl -o find_issue.R https://raw.githubusercontent.com/jhudsl/ottr-reports/main/scripts/find_issue.R
curl -o find_issue.R https://raw.githubusercontent.com/ottrproject/ottr-reports/main/scripts/find_issue.R
issue_exists=$(Rscript --vanilla find_issue.R --repo $GITHUB_REPOSITORY --git_pat $GH_PAT)
echo URL issue exists: $issue_exists
echo "issue_existence=$issue_exists" >> $GITHUB_OUTPUT
Expand Down
Loading
Loading