@emyller (Contributor) commented Jan 23, 2026

Our Code References feature is going GA! Starting with the GitHub integration.

Contributes to #5704.

@emyller emyller self-assigned this Jan 23, 2026
vercel bot commented Jan 23, 2026

3 Skipped Deployments
Project Deployment Review Updated (UTC)
docs Ignored Ignored Preview Jan 24, 2026 0:24am
flagsmith-frontend-preview Ignored Ignored Preview Jan 24, 2026 0:24am
flagsmith-frontend-staging Ignored Ignored Preview Jan 24, 2026 0:24am

@github-actions github-actions bot added the ci-cd Build, test and deployment related label Jan 23, 2026
@emyller emyller force-pushed the ci/use-flagsmith-ci branch from 1f89bdf to 6c4c103 Compare January 23, 2026 22:55
Comment on lines +11 to +17
uses: Flagsmith/ci/.github/workflows/collect-code-references.yml@feat/github-code-references-reusable-workflow
with:
flagsmith_project_id: 12
flagsmith_admin_api_url: https://api.flagsmith.com
exclude_patterns: node_modules,venv,.git,cache,build,htmlcov,docs,.json,tests
secrets:
flagsmith_admin_api_key: ${{ secrets.FLAGSMITH_CODE_REFERENCES_API_KEY }}
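Review bot: the `uses:` line pins the reusable workflow to a branch ref (`@feat/github-code-references-reusable-workflow`) while the job passes `flagsmith_admin_api_key` to it, so whatever that branch points to at run time receives the secret. Pin the reference to a full commit SHA, or to a release tag once the reusable workflow is merged, before this lands on main.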

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 18 hours ago

In general, the fix is to add an explicit permissions block that scopes the GITHUB_TOKEN to the minimum required privileges. Since this job appears to only need to read the repository contents to collect code references, we can safely set contents: read. This block can be set at the workflow root (applies to all jobs) or on the specific job. The simplest, least invasive change is to add a root-level permissions block under name: and before on:.

Concretely, in .github/workflows/platform-collect-code-references.yml, add:

permissions:
  contents: read

at the top-level, between the existing name: and on: keys. This does not change existing behavior other than potentially reducing permissions if the default was broader, and it resolves the CodeQL alert by explicitly constraining GITHUB_TOKEN. No imports or additional definitions are needed.

Suggested changeset 1
.github/workflows/platform-collect-code-references.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/platform-collect-code-references.yml b/.github/workflows/platform-collect-code-references.yml
--- a/.github/workflows/platform-collect-code-references.yml
+++ b/.github/workflows/platform-collect-code-references.yml
@@ -1,4 +1,6 @@
 name: Collect code references
+permissions:
+  contents: read
 
 on:
   schedule:
EOF
@@ -1,4 +1,6 @@
name: Collect code references
permissions:
contents: read

on:
schedule:
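Review bot: the root-level `permissions:` block added under `name:` also caps the token given to the reusable workflow this job calls through `uses:`, because a called workflow can only keep or reduce the caller's `GITHUB_TOKEN` permissions. Confirm that `collect-code-references.yml` needs nothing beyond `contents: read` (the upload authenticates with `flagsmith_admin_api_key`, not the token), and put a blank line between `name:` and `permissions:` to match the spacing before `on:`.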
Copilot is powered by AI and may make mistakes. Always verify output.
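
The condition the CodeQL alert above describes, as an added example that is not part of this pull request or the Flagsmith repository: a small Python audit that lists jobs whose GITHUB_TOKEN is not limited by a workflow-level or job-level `permissions:` key. The workflow texts are constructed samples (the cron value and job ids are assumptions), and the line-based key matching is a simplification of YAML parsing, not CodeQL's implementation.

```python
import re

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+) *:")  # "<indent>key:" lines only

def jobs_without_permissions(workflow_text):
    """Return ids of jobs not covered by a workflow- or job-level permissions key."""
    root_limited, in_jobs = False, False
    job_indent = child_indent = current = None
    jobs = {}  # job id -> True when the job sets its own permissions
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:  # blank lines, comments, list items, scalar continuations
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            root_limited = root_limited or key == "permissions"
            in_jobs, current = key == "jobs", None
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:  # a new job id
                current, child_indent = key, None
                jobs[key] = False
            elif current is not None:
                child_indent = indent if child_indent is None else child_indent
                # only a direct child of the job counts, not a nested input name
                if indent == child_indent and key == "permissions":
                    jobs[current] = True
    return [] if root_limited else [j for j, ok in jobs.items() if not ok]

# Constructed samples; the cron value and job ids are assumptions.
BEFORE = """\
name: Collect code references

on:
  schedule:
    - cron: "0 8 * * *"
jobs:
  collect-code-references:
    uses: Flagsmith/ci/.github/workflows/collect-code-references.yml@feat/github-code-references-reusable-workflow
"""
AFTER = BEFORE.replace("\n\non:", "\npermissions:\n  contents: read\n\non:", 1)
MIXED = """\
jobs:
  scan:
    permissions: {}
    runs-on: ubuntu-latest
  build:
    runs-on: ubuntu-latest
"""
```
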
@github-actions github-actions bot added ci-cd Build, test and deployment related and removed ci-cd Build, test and deployment related labels Jan 23, 2026

codecov bot commented Jan 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.16%. Comparing base (9838589) to head (1ebf6e0).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #6590   +/-   ##
=======================================
  Coverage   98.16%   98.16%           
=======================================
  Files        1295     1295           
  Lines       46793    46793           
=======================================
  Hits        45934    45934           
  Misses        859      859           

@github-actions github-actions bot added ci-cd Build, test and deployment related and removed ci-cd Build, test and deployment related labels Jan 24, 2026