improve admin #303

Open
InfinityBowman wants to merge 151 commits into main from 301-improve-admin

InfinityBowman (Collaborator) commented Jan 21, 2026

Experimental - DO NOT MERGE

@InfinityBowman InfinityBowman linked an issue Jan 21, 2026 that may be closed by this pull request

netlify bot commented Jan 21, 2026

Deploy Preview for animated-kangaroo-b914c6 failed.

Name Link
🔨 Latest commit d2a125e
🔍 Latest deploy log https://app.netlify.com/projects/animated-kangaroo-b914c6/deploys/69c8ab75f862890008a5648e


netlify bot commented Jan 21, 2026

Deploy Preview for wheresreligion failed. Why did it fail? →

Name Link
🔨 Latest commit d2a125e
🔍 Latest deploy log https://app.netlify.com/projects/wheresreligion/deploys/69c8ab75d73fdf0008c1ba58


netlify bot commented Jan 21, 2026

Deploy Preview for taupe-cactus-43ebc8 failed.

Name Link
🔨 Latest commit 206e1be
🔍 Latest deploy log https://app.netlify.com/projects/taupe-cactus-43ebc8/deploys/69b31e489e7d420008e7baff

Comment on lines +12 to +34
name: Build & Deploy Docs
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup pnpm
uses: pnpm/action-setup@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '24.x'
cache: 'pnpm'

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build & deploy docs
run: pnpm deploy:docs
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
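Review bot: all three `uses:` lines (`actions/checkout@v4`, `pnpm/action-setup@v4`, `actions/setup-node@v4`) reference movable tags, in a job whose last step is handed `CLOUDFLARE_API_TOKEN`. Pinning each action to a full commit SHA, with the tag kept as a trailing comment, keeps what runs in this job fixed until someone reviews an update. The checkout step could also set `persist-credentials: false`, since nothing shown after it uses git with the token.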

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 2 days ago

In general, the fix is to explicitly define a permissions block for the workflow or for the specific job so that GITHUB_TOKEN has only the minimal required scopes. For this workflow, the job appears only to read repository contents (via actions/checkout) and then use external secrets to deploy, so contents: read is a suitable minimal starting point.

The single best way to fix this without changing existing functionality is to add a permissions block under the deploy job (or at the top level) setting contents: read. This matches the CodeQL suggestion and GitHub’s minimal recommendation, and it avoids granting any unnecessary write permissions. Concretely, in .github/workflows/deploy-docs.yml, under jobs: deploy:, add a permissions: section with contents: read, keeping indentation consistent with other job-level keys such as name and runs-on. No additional imports, methods, or other definitions are needed.


Suggested changeset 1
.github/workflows/deploy-docs.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -11,6 +11,8 @@
   deploy:
     name: Build & Deploy Docs
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
EOF
@@ -11,6 +11,8 @@
deploy:
name: Build & Deploy Docs
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
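Review bot: the `permissions:` block sits under `deploy:`, so it restricts only this job; a job added to deploy-docs.yml later would again run with the repository's default GITHUB_TOKEN scopes. Declaring `permissions:` with `contents: read` at the top level of the workflow instead makes read-only the default for every job, and a job that needs more can widen it locally.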
Copilot is powered by AI and may make mistakes. Always verify output.
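The condition behind the warning above can also be checked locally before pushing. This is an added example, not code from the PR, CodeQL or Copilot: a small Python check that lists jobs with neither a workflow-level nor a job-level `permissions` key. It assumes block-style YAML indented with spaces; the function name and the `name`/`on` header of the sample are constructed.

```python
import re

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")  # a block-style mapping key and its indent

def jobs_missing_permissions(workflow_text):
    """Return the job ids that would run with the default GITHUB_TOKEN scopes."""
    workflow_perms = False
    section = job = None
    job_indent = key_indent = None
    explicit = {}  # job id -> True once a job-level `permissions` key is seen
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # list items ("- name: ..."), comments, blank lines
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            section = key
            workflow_perms = workflow_perms or key == "permissions"
        elif section == "jobs":
            job_indent = job_indent or indent      # first key under `jobs:` is a job id
            if indent == job_indent:
                job, key_indent = key, None
                explicit[job] = False
            elif job is not None:
                key_indent = key_indent or indent  # first key under the job id
                # Only a key directly under the job counts, not one nested in a step.
                if indent == key_indent and key == "permissions":
                    explicit[job] = True
    if workflow_perms:
        return []  # a top-level block applies to every job
    return [j for j, ok in explicit.items() if not ok]

# Constructed sample: the job body follows the lines shown on this page; the
# `name`/`on` header is assumed, since the page does not show lines 1-11.
BEFORE = """\
name: Deploy Docs
on: push
jobs:
  deploy:
    name: Build & Deploy Docs
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
"""
# The same workflow with the two lines from the Autofix patch applied.
AFTER = BEFORE.replace("    runs-on: ubuntu-latest\n",
                       "    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n")
```

`jobs_missing_permissions(BEFORE)` reports `deploy`, and the patched text reports nothing; a second job appended to the patched workflow is reported again, because the block is scoped to `deploy` only.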
Development

Successfully merging this pull request may close these issues.

improve admin

2 participants