Skip to content

Updated unit tests; Added smoke tests; Updated INSTRUCTIONS.md#16

Merged
tafilovic merged 1 commit intomainfrom
updating_tests
Apr 1, 2026
Merged

Updated unit tests; Added smoke tests; Updated INSTRUCTIONS.md#16
tafilovic merged 1 commit intomainfrom
updating_tests

Conversation

@tafilovic
Copy link
Copy Markdown
Contributor

@tafilovic tafilovic commented Apr 1, 2026

No description provided.

@tafilovic tafilovic merged commit 8a00850 into main Apr 1, 2026
1 check passed
@tafilovic tafilovic deleted the updating_tests branch April 1, 2026 15:01
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 1, 2026
View reviewed changes
.github/workflows/release-checks.yml
Comment on lines +48 to +81
name: Android Integration Smoke
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Enable KVM
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \
| sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm

- name: Install Flutter
run: |
curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" -o "$RUNNER_TEMP/flutter.tar.xz"
tar -xf "$RUNNER_TEMP/flutter.tar.xz" -C "$RUNNER_TEMP"
echo "$RUNNER_TEMP/flutter/bin" >> $GITHUB_PATH

- name: Install package dependencies
run: flutter pub get

- name: Install example dependencies
working-directory: example
run: flutter pub get

- name: Run Android integration smoke test
uses: reactivecircus/android-emulator-runner@v2
with:
api-level: 34
arch: x86_64
profile: pixel_6
script: |
cd example
flutter test integration_test/app_smoke_test.dart -d emulator-5554

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 7 days ago

In general, the fix is to explicitly declare permissions for the workflow or individual jobs so the GITHUB_TOKEN is restricted to the least privileges required. Since both validate and integration-smoke jobs only need to read repository contents (for actions/checkout) and do not perform any write operations, the minimal appropriate permission is contents: read.

The best fix without changing existing functionality is to add a workflow-level permissions block near the top of .github/workflows/release-checks.yml, applying to all jobs that do not declare their own permissions. Add:

permissions:
  contents: read

right after the on: block (for example, after line 4–5). This preserves all current behavior while ensuring the GITHUB_TOKEN is restricted. No imports or additional methods are needed; this is purely a YAML configuration change.

Suggested changeset 1
.github/workflows/release-checks.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release-checks.yml b/.github/workflows/release-checks.yml
--- a/.github/workflows/release-checks.yml
+++ b/.github/workflows/release-checks.yml
@@ -3,6 +3,9 @@
 on:
   workflow_call:
 
+permissions:
+  contents: read
+
 env:
   FLUTTER_VERSION: 3.27.4
 
EOF
@@ -3,6 +3,9 @@
on:
workflow_call:

permissions:
contents: read

env:
FLUTTER_VERSION: 3.27.4

Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tafilovic @github-advanced-security