Skip to content

feat: first version #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
christiangda merged 9 commits into from
Jan 18, 2026
Merged

feat: first version #1

christiangda merged 9 commits into from
Jan 18, 2026

Conversation

@christiangda
Copy link
Contributor

@christiangda christiangda commented Jan 18, 2026

No description provided.

@christiangda christiangda self-assigned this Jan 18, 2026
@github-advanced-security
Copy link

github-advanced-security bot commented Jan 18, 2026

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 18, 2026
View reviewed changes
.github/workflows/main.yml
Comment on lines 10 to 84
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6

- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: ./go.mod

- name: Summary Information
run: |
echo "# Push Summary" > $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Repository:** ${{ github.repository }}" >> $GITHUB_STEP_SUMMARY
echo "**Push:** ${{ github.event.head_commit.message }}" >> $GITHUB_STEP_SUMMARY
echo "**Author:** ${{ github.event.head_commit.author.name }}" >> $GITHUB_STEP_SUMMARY
echo "**Branch:** ${{ github.ref }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

- name: Tools and versions
run: |
echo "## Tools and versions" >> $GITHUB_STEP_SUMMARY

ubuntu_version=$(lsb_release -a 2>&1 | grep "Description" | awk '{print $2, $3, $4}')
echo "Ubuntu version: $ubuntu_version"
echo "**Ubuntu Version:** $ubuntu_version" >> $GITHUB_STEP_SUMMARY

bash_version=$(bash --version | head -n 1 | awk '{print $4}')
echo "Bash version: $bash_version"
echo "**Bash Version:** $bash_version" >> $GITHUB_STEP_SUMMARY

git_version=$(git --version | awk '{print $3}')
echo "Git version: $git_version"
echo "**Git Version:** $git_version" >> $GITHUB_STEP_SUMMARY

go_version=$(go version | awk '{print $3}')
echo "Go version: $go_version"
echo "**Go Version:** $go_version" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

- name: Lines of code
run: |
echo "## Lines of code" >> $GITHUB_STEP_SUMMARY

go install github.com/boyter/scc/v3@latest
scc --format html-table . | tee -a $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

- name: test
run: |
echo "### Test report" >> $GITHUB_STEP_SUMMARY

go test -race -coverprofile=coverage.txt -covermode=atomic -tags=unit ./... | tee -a $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

- name: test coverage
run: |
echo "## Test Coverage" >> $GITHUB_STEP_SUMMARY

go install github.com/vladopajic/go-test-coverage/v2@latest

# execute again to get the summary
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Coverage report" >> $GITHUB_STEP_SUMMARY
go-test-coverage --config=./.testcoverage.yml | sed 's/PASS/PASS ✅/g' | sed 's/FAIL/FAIL ❌/g' | tee -a $GITHUB_STEP_SUMMARY

- name: Build
run: |
echo "## Build" >> $GITHUB_STEP_SUMMARY

go build ./... | tee -a $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Build completed successfully." >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 7 days ago

To fix the problem, explicitly declare minimal GITHUB_TOKEN permissions in the workflow so the job does not inherit overly broad defaults. Since this workflow only needs to read repository contents and releases and write to the job summary (which does not require any special token permission), we can safely set contents: read at the workflow level.

The best fix is to add a permissions block near the top of .github/workflows/main.yml, alongside name and on, so it applies to all jobs. Concretely, insert:

permissions:
  contents: read

between the name: Main and on: lines. No changes are needed to any steps, environment variables, or uses of github.token. This restricts the GITHUB_TOKEN to read-only access to repository contents while preserving all existing functionality (checkout, viewing and downloading releases, and generating summaries).

Suggested changeset 1
.github/workflows/main.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,5 +1,8 @@
 name: Main
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
EOF
@@ -1,5 +1,8 @@
name: Main

permissions:
contents: read

on:
push:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 18, 2026
View reviewed changes
.github/workflows/pr.yml
Comment on lines 10 to 110
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6

- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: ./go.mod

- name: Summary Information
run: |
echo "# Pull Request Summary" > $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Repository:** ${{ github.repository }}" >> $GITHUB_STEP_SUMMARY
echo "**Pull Request:** ${{ github.event.pull_request.title }}" >> $GITHUB_STEP_SUMMARY
echo "**Author:** ${{ github.event.pull_request.user.login }}" >> $GITHUB_STEP_SUMMARY
echo "**Branch:** ${{ github.event.pull_request.head.ref }}" >> $GITHUB_STEP_SUMMARY
echo "**Base:** ${{ github.event.pull_request.base.ref }}" >> $GITHUB_STEP_SUMMARY
echo "**Commits:** ${{ github.event.pull_request.commits }}" >> $GITHUB_STEP_SUMMARY
echo "**Changed Files:** ${{ github.event.pull_request.changed_files }}" >> $GITHUB_STEP_SUMMARY
echo "**Additions:** ${{ github.event.pull_request.additions }}" >> $GITHUB_STEP_SUMMARY
echo "**Deletions:** ${{ github.event.pull_request.deletions }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

- name: Tools and versions
run: |
echo "## Tools and versions" >> $GITHUB_STEP_SUMMARY

ubuntu_version=$(lsb_release -a 2>&1 | grep "Description" | awk '{print $2, $3, $4}')
echo "Ubuntu version: $ubuntu_version"
echo "**Ubuntu Version:** $ubuntu_version" >> $GITHUB_STEP_SUMMARY

bash_version=$(bash --version | head -n 1 | awk '{print $4}')
echo "Bash version: $bash_version"
echo "**Bash Version:** $bash_version" >> $GITHUB_STEP_SUMMARY

git_version=$(git --version | awk '{print $3}')
echo "Git version: $git_version"
echo "**Git Version:** $git_version" >> $GITHUB_STEP_SUMMARY

go_version=$(go version | awk '{print $3}')
echo "Go version: $go_version"
echo "**Go Version:** $go_version" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

- name: Lines of code
env:
GH_TOKEN: ${{ github.token }}
run: |
export TOOL_NAME="scc"
export GIT_ORG="boyter"
export GIT_REPO="scc"
export OS=$(uname -s)
export OS_ARCH=$(uname -m)
# Normalize architecture names to match asset naming
[[ "$OS_ARCH" == "aarch64" ]] && OS_ARCH="arm64"
[[ "$OS_ARCH" == "x86_64" ]] && OS_ARCH="x86_64"
export ASSETS_NAME=$(gh release view --repo ${GIT_ORG}/${GIT_REPO} --json assets -q "[.assets[] | select(.name | contains(\"${TOOL_NAME}\") and contains(\"${OS}\") and contains(\"${OS_ARCH}\"))] | sort_by(.createdAt) | last.name")

gh release download --repo $GIT_ORG/$GIT_REPO --pattern $ASSETS_NAME

# Extract based on file extension
if [[ "$ASSETS_NAME" == *.tar.gz ]]; then
tar -xzf $ASSETS_NAME
elif [[ "$ASSETS_NAME" == *.zip ]]; then
unzip $ASSETS_NAME
fi

rm $ASSETS_NAME

mv $TOOL_NAME ~/go/bin/$TOOL_NAME
~/go/bin/$TOOL_NAME --version

# go install github.com/boyter/scc/v3@latest

scc --format html-table . | tee -a $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

- name: test
run: |
echo "### Test report" >> $GITHUB_STEP_SUMMARY

go test -race -coverprofile=coverage.txt -covermode=atomic -tags=unit ./... | tee -a $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

- name: test coverage
run: |
echo "## Test Coverage" >> $GITHUB_STEP_SUMMARY

# Generate coverage report using standard library tools
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Coverage report" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
go tool cover -func=coverage.txt | tee -a $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

# Calculate total coverage percentage
total_coverage=$(go tool cover -func=coverage.txt | grep total | awk '{print $3}')
echo "**Total Coverage:** $total_coverage" >> $GITHUB_STEP_SUMMARY

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 7 days ago

In general, the fix is to add an explicit permissions block to the workflow (or to the specific job) that grants only the minimal rights needed. This avoids inheriting potentially broad repository defaults for the GITHUB_TOKEN.

For this workflow, all operations are read-only: checking out code, running Go tests, generating coverage, and using gh to read release assets from a public repository. No step needs write access to repository contents, pull requests, or issues. Therefore, the best fix is to add a workflow-level permissions block setting contents: read, which will apply to all jobs that don’t override it. This matches CodeQL’s suggested minimal configuration and does not change existing behavior in a typical setup, because reading repository contents is still allowed while write permissions are removed.

Concretely, edit .github/workflows/pr.yml to insert:

permissions:
  contents: read

right after the name: Pull Request header (before on:). No additional imports or methods are needed, and no steps need modification, because all existing uses of GITHUB_TOKEN remain compatible with a read-only contents permission.

Suggested changeset 1
.github/workflows/pr.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -1,5 +1,8 @@
 name: Pull Request
 
+permissions:
+  contents: read
+
 on:
   pull_request:
     branches:
EOF
@@ -1,5 +1,8 @@
name: Pull Request

permissions:
contents: read

on:
pull_request:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
@christiangda christiangda merged commit 40a0a49 into main Jan 18, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@christiangda christiangda

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@christiangda