62 changes: 62 additions & 0 deletions .github/workflows/build.yml
@@ -0,0 +1,62 @@
name: Build

on:
workflow_dispatch:
pull_request:
push:
branches:
- main
- develop
paths-ignore:
- '.github/**'
- README.md
- gradle.properties

permissions:
id-token: write
contents: read
actions: read

jobs:
build:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v5

- name: Set up JDK 25
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '25'

- name: Grant execute permission for gradlew
run: chmod +x gradlew

- name: Setup git credentials
uses: oleksiyrudenko/gha-git-credentials@v2
with:
name: 'reportportal.io'
email: 'support@reportportal.io'
token: ${{ secrets.GITHUB_TOKEN }}

- name: Build with Gradle
run: ./gradlew build --stacktrace

- name: Upload built jars
uses: actions/upload-artifact@v4
with:
name: build-libs
path: build/libs/*.jar
retention-days: 1

upload:
needs: build
if: github.ref_name == 'develop' || startsWith(github.ref_name, 'feature/')
uses: reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@main


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Check if the file exists and read the relevant section
if [ -f ".github/workflows/build.yml" ]; then
  echo "=== File found. Reading lines 50-65 ===" 
  sed -n '50,65p' .github/workflows/build.yml
else
  echo "File not found. Searching for build.yml files..."
  find . -name "build.yml" -type f
fi

Repository: reportportal/plugin-auth-github

Length of output: 565


🏁 Script executed:

# Also search for other `@main` references in workflow files
echo "=== Searching for `@main` references in workflow files ==="
rg "@main" .github/workflows/ --type yaml

Repository: reportportal/plugin-auth-github

Length of output: 241


Pin reusable workflow to an immutable commit SHA.

Line 57 references @main, which is mutable. Pinning to a commit SHA avoids unintended behavior from upstream changes.

Suggested change
-    uses: reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@main
+    uses: reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@<commit-sha>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build.yml at line 57, Replace the mutable workflow ref by
pinning the reusable workflow to a specific commit SHA: locate the uses entry
"reportportal/.github/.github/workflows/upload-plugin-artifact.yaml@main" and
replace the "@main" suffix with the exact commit SHA from the upstream
repository (e.g., "...@<commit-sha>"); ensure you fetch the immutable SHA for
the desired version and update the uses string accordingly so the workflow
references that commit instead of the branch.

with:
plugin_name: ${{ github.event.repository.name }}
branch_name: ${{ github.ref_name }}
run_number: "${{ github.run_number }}"
secrets: inherit
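
Review bot: `id-token: write` is set in the workflow-level `permissions` block, so the `build` job, which runs on `pull_request` and executes `./gradlew build`, can also request an OIDC token that none of its steps appear to need. Move `id-token: write` into a `permissions` block on the `upload` job and leave `build` with `contents: read` and `actions: read`. On the `upload` job, `secrets: inherit` hands every secret available to this workflow to a reusable workflow referenced at `@main`; pass only the secrets that workflow declares, by name. Also, on `pull_request` runs `github.ref_name` is the merge ref (`<number>/merge`) and `push` is limited to `main` and `develop`, so the `startsWith(github.ref_name, 'feature/')` half of the `if` can only match on `workflow_dispatch`; say so in a comment or drop it.
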
51 changes: 51 additions & 0 deletions .github/workflows/manually-release.yml
@@ -0,0 +1,51 @@
name: Manual Release

on:
workflow_dispatch:
inputs:
version:
description: 'Release version'
required: true
scripts_version:
description: 'Gradle scripts version'
required: true
bom_version:
description: 'Commons bom version'
required: true
Comment on lines +6 to +14


⚠️ Potential issue | 🟠 Major

Required version input is not used in the release command.

version is mandatory at dispatch time but never consumed in Lines 48–51. This can mislead operators and cause unexpected release output.

Please either wire the input into Gradle release properties or remove the input if the version is intentionally auto-derived.

Also applies to: 48-51

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/manually-release.yml around lines 6 - 14, The workflow
defines a required input named version but never uses it in the Gradle release
invocation; update the release step that runs the Gradle command (the step
invoking the Gradle release task / the ./gradlew release call) to pass the input
into Gradle properties (e.g., use the workflow input version via ${{
github.event.inputs.version }} as -Pversion=... and similarly wire
scripts_version and bom_version if needed) or remove the unused version input
from the workflow inputs block if version is intended to be auto-derived.


env:
GH_USER_NAME: github.actor


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/manually-release.yml | head -30

Repository: reportportal/plugin-auth-github

Length of output: 987


🏁 Script executed:

cat .github/workflows/manually-release.yml | grep -n "GH_USER_NAME"

Repository: reportportal/plugin-auth-github

Length of output: 200


Use expression syntax for GH_USER_NAME.

Line 17 stores a literal string instead of evaluating the GitHub context. Without expression syntax, GH_USER_NAME will be set to the literal string "github.actor" rather than the triggering actor's username, causing the parameter passed on line 49 to be incorrect.

Suggested fix
-  GH_USER_NAME: github.actor
+  GH_USER_NAME: ${{ github.actor }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/manually-release.yml at line 17, The GH_USER_NAME
environment variable is set to the literal string "github.actor" instead of
using workflow expression syntax; update the workflow to assign GH_USER_NAME
using the GitHub context expression (github.actor) so it evaluates at runtime
and passes the correct actor value to later steps (referenced where GH_USER_NAME
is used on line 49); locate the GH_USER_NAME key in the job/env block and
replace the literal with the proper expression form.

SCRIPTS_VERSION: ${{ github.event.inputs.scripts_version }}
BOM_VERSION: ${{ github.event.inputs.bom_version }}
REPOSITORY_URL: 'https://maven.pkg.github.com/'

jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2


⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/manually-release.yml | head -40

Repository: reportportal/plugin-auth-github

Length of output: 1319


🌐 Web query:

actions/checkout v2 deprecation end of life current version

💡 Result:

  • actions/checkout@v2 status: It’s considered legacy/deprecated in practice because it’s one of the common actions that triggered GitHub’s Node.js 12 deprecation warnings (GitHub moved Actions off Node 12 to Node 16 by default). [1], [2]
  • End-of-life (EOL): GitHub has announced runtime transitions (Node12→Node16, Node16→Node20, etc.), but there isn’t a single, official “checkout@v2 EOL date” announcement that removes the v2 tag specifically; the guidance is to upgrade to a supported major. [1], [2]
  • Current version (recommended): actions/checkout@v6 (latest release shown: v6.0.2, Jan 9, 2026). [3]
    • v5/v6 run on newer runtimes (README notes v5 updated to node24 and requires Actions Runner v2.327.1+). [3]

What to change in workflows

- uses: actions/checkout@v6

Sources
[1] GitHub Changelog: Node12→Node16 default transition (June 13, 2023). (github.blog)
[2] GitHub Community discussion showing the Node12 deprecation warning and recommending upgrading from actions/checkout@v2. (github.com)
[3] actions/checkout repo README showing current majors and latest release (v6.0.2), plus runner requirement for node24-based versions. (github.com)


Update actions/checkout to the latest version.

Line 27 is using actions/checkout@v2, which is legacy/deprecated following GitHub's Node.js 12 deprecation. The latest version is v6, which requires Actions Runner v2.327.1+ and runs on current node runtimes.

Suggested fix
-        uses: actions/checkout@v2
+        uses: actions/checkout@v6
🧰 Tools
🪛 actionlint (1.7.12)

[error] 27-27: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/manually-release.yml at line 27, Update the checkout
action usage to the latest supported release by replacing the current reference
"uses: actions/checkout@v2" with the modern major version (e.g.,
"actions/checkout@v6"); ensure the workflow (manually-release.yml) meets the
runner requirement (Actions Runner v2.327.1+) and adjust any workflow
compatibility settings if needed so the workflow runs on current Node.js
runtimes.


- name: Set up JDK 25
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '25'

- name: Grant execute permission for gradlew
run: chmod +x gradlew

- name: Setup git credentials
uses: oleksiyrudenko/gha-git-credentials@v2
with:
name: 'reportportal.io'
email: 'support@reportportal.io'
token: ${{ secrets.GITHUB_TOKEN }}

- name: Release with Gradle
id: release
run: |
./gradlew release -PreleaseMode -Pscripts.version=${{env.SCRIPTS_VERSION}} -Pbom.version=${{env.BOM_VERSION}} \
-PgithubUserName=${{env.GH_USER_NAME}} -PgithubToken=${{secrets.GITHUB_TOKEN}} \
-PpublishRepo=${{ env.REPOSITORY_URL }}${{ github.repository }} \
-PgpgPassphrase=${{secrets.GPG_PASSPHRASE}} -PgpgPrivateKey="${{secrets.GPG_PRIVATE_KEY}}"
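
Review bot: In the `Release with Gradle` step the dispatch inputs reach the shell as script text: `scripts_version` and `bom_version` are copied into `env` and then expanded with `${{env.SCRIPTS_VERSION}}` and `${{env.BOM_VERSION}}`, unquoted, before bash parses the line, so a value containing spaces or shell metacharacters changes the command that runs with `GITHUB_TOKEN` and the GPG key in scope. The values are already environment variables; reference them as `"$SCRIPTS_VERSION"` and `"$BOM_VERSION"` and check them against a version pattern before calling Gradle. The workflow also has no `permissions` block even though this step publishes with `GITHUB_TOKEN`; declare the scopes the release needs explicitly.
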
101 changes: 101 additions & 0 deletions .github/workflows/promote.yml
@@ -0,0 +1,101 @@
# Copyright 2022 EPAM Systems
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Promote

on:
workflow_dispatch:
inputs:
version:
description: 'Release version'
required: true

env:
REPOSITORY_URL: 'https://maven.pkg.github.com'
UPSTREAM_REPOSITORY_URL: 'https://oss.sonatype.org'
PACKAGE_SUFFIXES: '-javadoc.jar,-javadoc.jar.asc,-sources.jar,-sources.jar.asc,.jar,.jar.asc,.pom,.pom.asc'
PACKAGE: 'com.epam.reportportal'

Comment on lines +23 to +28


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/promote.yml

Repository: reportportal/plugin-auth-github

Length of output: 5122


Add explicit packages: read permission for GitHub Packages artifact download.

This workflow downloads artifacts from GitHub Packages using GITHUB_TOKEN at line 45. Add explicit permissions so behavior is stable under restricted defaults.

Suggested fix
+permissions:
+  packages: read
+
 env:
   REPOSITORY_URL: 'https://maven.pkg.github.com'
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/promote.yml around lines 23 - 28, The workflow uses
GITHUB_TOKEN to download GitHub Packages artifacts but lacks explicit
permissions; update the promote.yml workflow to set the GitHub Actions
permissions to include "packages: read" (either at the top-level permissions key
or in the specific job that performs the download) so the artifact download step
that uses GITHUB_TOKEN can access GitHub Packages; ensure the permissions entry
is added alongside existing workflow metadata and before job definitions so the
download step can run under restricted defaults.


jobs:
build:
runs-on: ubuntu-latest

steps:
- name: Get variables
run: |
echo "ARTIFACT=`echo ${{ github.repository }} | cut -d/ -f2- | awk '{print tolower($0)}'`" >> $GITHUB_ENV
echo "PACKAGE_PATH=`echo ${{ env.PACKAGE }} | sed 's/\./\//g'`" >> $GITHUB_ENV
- name: Upload package
run: |
IFS=',' read -a files <<< '${{ env.PACKAGE_SUFFIXES }}'
for f in ${files[@]}; do
export URL="${{ env.REPOSITORY_URL }}/${{ github.repository }}/${PACKAGE_PATH}/${ARTIFACT}/${{ github.event.inputs.version }}/${ARTIFACT}-${{ github.event.inputs.version }}${f}"
echo "Downloading artifact: ${URL}"
curl -f -u ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} -s -O -L "${URL}"
done
files=($(ls))
echo 'Files downloaded:'
echo "${files[@]}"
echo 'Bundle generation'
export BUNDLE_FILE="bundle.jar"
jar -cvf ${BUNDLE_FILE} "${files[@]}"
echo 'Bundle upload'
curl -f -u ${{ secrets.SONATYPE_USER }}:${{ secrets.SONATYPE_PASSWORD }} -L \
--request POST '${{ env.UPSTREAM_REPOSITORY_URL }}/service/local/staging/bundle_upload' \
--form "file=@${BUNDLE_FILE}" >response.json
response_type=`jq type response.json || echo ''`
if [ -z "$response_type" ]; then
echo 'ERROR: Response is not JSON!' 1>&2
cat response.json 1>&2
exit 1
fi
repo=`jq -r '.repositoryUris[0]' response.json`
if [ -z "$repo" ]; then
echo 'Unable to upload bundle' 1>&2
Comment on lines +63 to +65


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, find and inspect the workflow file
find . -name "promote.yml" -type f

Repository: reportportal/plugin-auth-github

Length of output: 106


🏁 Script executed:

# Test how jq -r behaves with null values
# Create a test JSON with null value
echo '{"repositoryUris": [null]}' | jq -r '.repositoryUris[0]'
echo "Exit code: $?"
echo "---"
# Test with empty array
echo '{"repositoryUris": []}' | jq -r '.repositoryUris[0]'
echo "Exit code: $?"

Repository: reportportal/plugin-auth-github

Length of output: 114


🏁 Script executed:

# Test bash -z check with "null" string
repo="null"
if [ -z "$repo" ]; then
  echo "Empty string detected"
else
  echo "String is not empty: '$repo'"
fi
echo "---"
# Test the proposed fix
if [ -z "$repo" ] || [ "$repo" = "null" ]; then
  echo "Either empty or null detected"
else
  echo "Neither empty nor null"
fi

Repository: reportportal/plugin-auth-github

Length of output: 136


🏁 Script executed:

cat -n .github/workflows/promote.yml | sed -n '60,70p'

Repository: reportportal/plugin-auth-github

Length of output: 521


🏁 Script executed:

# Let me also check the full context around those lines
cat -n .github/workflows/promote.yml | sed -n '55,75p'

Repository: reportportal/plugin-auth-github

Length of output: 1100


Handle jq null values explicitly when validating repository URI.

At Lines 63–65, jq -r '.repositoryUris[0]' returns the literal string "null" when the field is null in JSON, and the current -z check won't catch it. This causes the validation to pass incorrectly, and NEXUS_REPOSITORY=null is exported to the environment at line 69, causing downstream issues.

Suggested fix
-          repo=`jq -r '.repositoryUris[0]' response.json`
-          if [ -z "$repo" ]; then
+          repo=`jq -r '.repositoryUris[0]' response.json`
+          if [ -z "$repo" ] || [ "$repo" = "null" ]; then
             echo 'Unable to upload bundle' 1>&2
             cat response.json 1>&2
             exit 1
           fi
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/promote.yml around lines 63 - 65, The script assigns repo
using repo=`jq -r '.repositoryUris[0]' response.json` but jq returns the literal
"null" for null values so the subsequent if [ -z "$repo" ] check misses it and
exports NEXUS_REPOSITORY=null; update the jq call or the validation: change the
jq expression to produce an empty string for null (e.g. use the // empty
construct) or alter the conditional to treat both empty and the literal "null"
as invalid, ensuring repo is rejected and the script exits before exporting
NEXUS_REPOSITORY.

cat response.json 1>&2
exit 1
fi
echo "NEXUS_REPOSITORY=${repo}" >> $GITHUB_ENV
- name: Get repository variables
run: |
echo "NEXUS_REPOSITORY_NAME=`echo ${NEXUS_REPOSITORY} | sed -E 's/(.+)\/([^\/]+)$/\2/'`" >> $GITHUB_ENV
- name: Promote package
env:
ATTEMPTS: 60
SLEEP_TIME: 10
run: |
verified=false
for i in `seq 0 ${ATTEMPTS}`; do
sleep $SLEEP_TIME
curl -f -s -u ${{ secrets.SONATYPE_USER }}:${{ secrets.SONATYPE_PASSWORD }} -L \
--header 'Accept: application/json' \
${{ env.UPSTREAM_REPOSITORY_URL }}/service/local/staging/repository/${NEXUS_REPOSITORY_NAME} >result.json
is_closed=`jq -r '.type' result.json`
is_transitioning=`jq -r '.transitioning' result.json`
echo "Current repository status: $is_closed; transitioning: $is_transitioning"
if [[ "$is_closed" == "closed" && "$is_transitioning" == "false" ]]; then
verified=true
break
fi
done
if $verified; then
echo "A bundle was verified, releasing"
curl -f -u ${{ secrets.SONATYPE_USER }}:${{ secrets.SONATYPE_PASSWORD }} -L \
--header 'Content-Type: application/json' \
--data-raw "{\"data\":{\"stagedRepositoryIds\":[\"${NEXUS_REPOSITORY_NAME}\"], \"description\":\"Releasing ${{ github.event.inputs.version }}\"}}" \
--request POST ${{ env.UPSTREAM_REPOSITORY_URL }}/service/local/staging/bulk/promote
else
echo 'Verification failed, please check the bundle' 1>&2
exit 1
fi
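
Review bot: In the `Upload package` and `Promote package` steps, `${{ github.event.inputs.version }}` is pasted straight into the download URL and into the JSON passed to `--data-raw`, with no check that it looks like a version. Bind it once through a step-level `env:` entry, reject anything that does not match the expected version format, and build the request body with `jq -n --arg` rather than string concatenation (`jq` is already used in this workflow). The same steps expand `${{ secrets.GITHUB_TOKEN }}` and the Sonatype credentials into the `curl -u` command line; pass them through `env:` and quote the shell variables. `files=($(ls))` bundles whatever is in the working directory rather than the files that were just requested, so download into a fresh directory and bundle the expected names explicitly.
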
45 changes: 45 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,45 @@
name: Release

on:
push:
branches:
- main
paths-ignore:
- '.github/**'
- README.md
- gradle.properties

env:
GH_USER_NAME: github.actor


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/release.yml | head -30

Repository: reportportal/plugin-auth-github

Length of output: 822


🏁 Script executed:

cat -n .github/workflows/release.yml | grep -A 2 -B 2 "GH_USER_NAME"

Repository: reportportal/plugin-auth-github

Length of output: 552


Fix actor interpolation in env.

Line 13 sets a literal string (github.actor) instead of interpolating the GitHub Actions context expression. This causes Gradle to receive the wrong username value. Update to use proper interpolation syntax:

Suggested fix
-  GH_USER_NAME: github.actor
+  GH_USER_NAME: ${{ github.actor }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml at line 13, The GH_USER_NAME environment
variable is set to the literal string "github.actor" instead of interpolating
the GitHub Actions context; update the env entry that defines GH_USER_NAME in
the release workflow to use the correct Actions expression syntax (use the
context interpolation for github.actor) so the actual actor username is passed
to Gradle.

SCRIPTS_VERSION: 5.14.0
BOM_VERSION: 5.14.2

jobs:
release:
runs-on: ubuntu-latest
Comment on lines +17 to +19


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

find . -name "release.yml" -o -name "release.yaml" | head -20

Repository: reportportal/plugin-auth-github

Length of output: 106


🏁 Script executed:

cat -n .github/workflows/release.yml 2>/dev/null || cat -n ./.github/workflows/release.yml 2>/dev/null || find . -type f \( -name "*.yml" -o -name "*.yaml" \) | grep -i release

Repository: reportportal/plugin-auth-github

Length of output: 1566


Declare explicit token permissions for release operations.

This job performs authenticated release actions using secrets.GITHUB_TOKEN for git credentials and Gradle release operations (lines 33–45). Without explicit permissions, runs may fail under restricted default token settings.

Suggested fix
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   release:
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 17 - 19, Add explicit workflow
permissions for the release job so the GITHUB_TOKEN has the rights needed for
git and Gradle release tasks: update the job block named "release" to include a
top-level permissions map granting at least contents: write, issues: write (or
other required scopes) and any other scopes used by Gradle/gh actions, and
ensure the job uses secrets.GITHUB_TOKEN as the authenticated token referenced
in the existing release steps.

steps:
- name: Checkout repository
uses: actions/checkout@v2


⚠️ Potential issue | 🔴 Critical

Upgrade actions/checkout to a supported major version.

Line 22 uses actions/checkout@v2, which is too old for current runners (also confirmed by actionlint).

Suggested fix
-        uses: actions/checkout@v2
+        uses: actions/checkout@v5
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
uses: actions/checkout@v2
uses: actions/checkout@v5
🧰 Tools
🪛 actionlint (1.7.12)

[error] 22-22: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml at line 22, The workflow step currently uses
the deprecated action reference "uses: actions/checkout@v2"; update that step to
a supported major version (for example "actions/checkout@v4") across the
workflow so the runner uses the maintained release, and run a quick lint/CI
after changing the "uses: actions/checkout@v2" token to confirm no other
workflow syntax or compatibility issues remain.


- name: Set up JDK 25
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '25'

- name: Grant execute permission for gradlew
run: chmod +x gradlew

- name: Setup git credentials
uses: oleksiyrudenko/gha-git-credentials@v2
with:
name: 'reportportal.io'
email: 'support@reportportal.io'
token: ${{ secrets.GITHUB_TOKEN }}

- name: Release with Gradle
id: release
run: |
./gradlew release -PreleaseMode -Pscripts.version=${{env.SCRIPTS_VERSION}} -Pbom.version=${{env.BOM_VERSION}} \
-PgithubUserName=${{env.GH_USER_NAME}} -PgithubToken=${{secrets.GITHUB_TOKEN}} \
-PgpgPassphrase=${{secrets.GPG_PASSPHRASE}} -PgpgPrivateKey="${{secrets.GPG_PRIVATE_KEY}}"
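
Review bot: In the `Release with Gradle` step, `GITHUB_TOKEN`, `GPG_PASSPHRASE` and `GPG_PRIVATE_KEY` are expanded into the script and passed as `-P` arguments, so they sit on the Gradle command line, and a passphrase or key containing `"`, `$` or a backtick is reinterpreted by bash (`-PgpgPassphrase=...` is not quoted at all). Supply them through a step-level `env:` block instead; Gradle reads project properties from `ORG_GRADLE_PROJECT_<name>` environment variables, which covers `githubToken`, `gpgPassphrase` and `gpgPrivateKey` without touching the command line. The same applies to the matching step in `manually-release.yml`. This workflow also omits the `-PpublishRepo=...` argument that `manually-release.yml` passes; confirm the two are meant to publish to different targets.
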
2 changes: 1 addition & 1 deletion gradle.properties
@@ -1,4 +1,4 @@
version=1.0.0-SNAPSHOT-2
version=1.0.0
description=EPAM Report Portal. GitHub auth plugin.
pluginId=github
pluginClass=com.epam.reportportal.extension.github.GitHubPlugin