Skip to content

Create Jenkins.cbci for CL CBCI onboarding#16308

Merged
QilongTang merged 2 commits into
masterfrom
ZbynekHanak-RWS-patch-1
Jun 18, 2025
Merged

Create Jenkins.cbci for CL CBCI onboarding#16308
QilongTang merged 2 commits into
masterfrom
ZbynekHanak-RWS-patch-1

Conversation

@ZbynekHanak-RWS

Copy link
Copy Markdown
Collaborator

Purpose

CL CBCI onboarding configuration - localization

(FILL ME IN) This section describes why this PR is here. Usually it would include a reference to the tracking task that it is part or all of the solution for.

Declarations

Check these if you believe they are true

  • Is documented according to the standards
  • The level of testing this PR includes is appropriate
  • User facing strings, if any, are extracted into *.resx files
  • Snapshot of UI changes, if any.
  • Changes to the API follow Semantic Versioning and are documented in the API Changes document.
  • This PR modifies some build requirements and the readme is updated
  • This PR contains no files larger than 50 MB
  • This PR introduces new feature code involve network connecting and is tested with no-network mode.

Release Notes

(FILL ME IN) Brief description of the fix / enhancement. Use N/A to indicate that the changes in this pull request do not apply to Release Notes. Mandatory section

Reviewers

(FILL ME IN) Reviewer 1 (If possible, assign the Reviewer for the PR)

(FILL ME IN, optional) Any additional notes to reviewers or testers.

FYIs

(FILL ME IN, Optional) Names of anyone else you wish to be notified of

@QilongTang QilongTang merged commit 44d64b6 into master Jun 18, 2025
21 of 24 checks passed
Comment on lines +10 to +19
runs-on: self-hosted
env:
REPO_NAME: ${{ github.event.repository.name }}
ORG_NAME: ${{ github.event.organization.login }}
JENKINS_ROOT: ${{ secrets.JENKINS_CONTROLLER_URL }}job/${{ secrets.JENKINS_TRIGGER_ROOT_FOLDER }}/job/${{ secrets.JENKINS_TRIGGER_ORG_FOLDER }}/job/
steps:
- name: trigger single Job
run: >
curl -X POST -u "${{ secrets.JENKINS_TRIGGER_USER }}:${{ secrets.JENKINS_TRIGGER_TOKEN }}"
${{ env.JENKINS_ROOT}}/${{ env.ORG_NAME }}/job/${{ env.REPO_NAME }}/build\?delay=\0

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 1 year ago

To fix the issue, we will add a permissions block at the root level of the workflow. This block will explicitly define the least privileges required for the workflow. Since the workflow only triggers a Jenkins job and does not interact with the repository contents, we will set contents: read as the minimal permission. This ensures that the workflow has read-only access to the repository contents and no write access.

The changes will be made to the .github/workflows/trigger_jenkins.yaml file. No additional methods, imports, or definitions are required.


Suggested changeset 1
.github/workflows/trigger_jenkins.yaml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/trigger_jenkins.yaml b/.github/workflows/trigger_jenkins.yaml
--- a/.github/workflows/trigger_jenkins.yaml
+++ b/.github/workflows/trigger_jenkins.yaml
@@ -1,2 +1,4 @@
 name: Trigger Jenkins CI
+permissions:
+  contents: read
 on:
EOF
@@ -1,2 +1,4 @@
name: Trigger Jenkins CI
permissions:
contents: read
on:
Copilot is powered by AI and may make mistakes. Always verify output.
@QilongTang QilongTang deleted the ZbynekHanak-RWS-patch-1 branch October 20, 2025 19:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants