Skip to content

[CU-86b6u16q5] Add pyrefly type checking to development workflow #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
philippasdev wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[CU-86b6u16q5] Add pyrefly type checking to development workflow #120

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1beaacf
[CU-86b6u16q5] Add pyrefly type checking to development workflow
philippasdev Oct 14, 2025
3307013
[CU-86b6u16q5] Ignore the test folder
philippasdev Oct 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions .github/workflows/typecheck.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: Pyrefly Type Check

on:
pull_request:
branches: [main]
workflow_dispatch: # Allows manual triggering from the GitHub UI

jobs:
typecheck:
runs-on: ubuntu-latest

steps:
- name: Check out code
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4

- name: Install uv
uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4
with:
enable-cache: true
cache-dependency-glob: |
**/pyproject.toml
**/uv.lock

- name: Set up Python
uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4
with:
python-version: '3.11'

- name: Install package and dependencies
run: |
uv sync --group dev

- name: Run Pyrefly Type Checker
run: |
make typecheck
Comment on lines +10 to +35

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 months ago

To fix this issue, we need to add a permissions: block to the workflow YAML file, specifying the minimum required permissions for the GITHUB_TOKEN. Because the workflow only performs read-only operations, the lowest practical permission is to set contents: read either at the workflow root or at the job level. It is best practice to place it at the workflow root so all jobs in this workflow inherit the reduced permission unless they explicitly override it. The change should be made in .github/workflows/typecheck.yml by inserting a block like:

permissions:
  contents: read

directly after the name: declaration (or above the first on: block for clarity), ensuring that only read access to repository contents is granted for all jobs in the workflow.

Suggested changeset 1
.github/workflows/typecheck.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/typecheck.yml b/.github/workflows/typecheck.yml
--- a/.github/workflows/typecheck.yml
+++ b/.github/workflows/typecheck.yml
@@ -1,4 +1,6 @@
 name: Pyrefly Type Check
+permissions:
+  contents: read
 
 on:
   pull_request:
EOF
@@ -1,4 +1,6 @@
name: Pyrefly Type Check
permissions:
contents: read

on:
pull_request:
Copilot is powered by AI and may make mistakes. Always verify output.
13 changes: 12 additions & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,10 @@ help:
@echo " test-e2e Run E2E tests"
@echo " test-all Run both unit and E2E tests"
@echo ""
@echo "Linting:"
@echo "Linting & Type Checking:"
@echo " lint Run ruff linter to check code"
@echo " lint-fix Auto-fix linting issues"
@echo " typecheck Run pyrefly type checker"
@echo ""
@echo "Package Management:"
@echo " package-test Build and test package installation"
Expand Down Expand Up @@ -97,12 +98,18 @@ install-buildx:
fi
@docker buildx version

.PHONY: check-pyrefly
check-pyrefly:
@echo "Initializing pyrefly..."
uv run pyrefly init

.PHONY: setup
setup: check-uv
uv venv
uv sync --group dev
uv run pre-commit install
make install-buildx
make check-pyrefly

.PHONY: reset
reset:
Expand Down Expand Up @@ -133,6 +140,10 @@ lint:
lint-fix:
uv run ruff check --fix .

.PHONY: typecheck
typecheck:
uv run pyrefly check --summarize-errors

.PHONY: test-e2e
test-e2e:
E2E_ENV_FILE=.env ./scripts/run-e2e-tests.sh
Expand Down
12 changes: 11 additions & 1 deletion pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,8 @@ test = [
dev = [
{include-group = "test"},
"ruff==0.12.0",
"pre-commit>=4.2.0"
"pre-commit>=4.2.0",
"pyrefly>=0.1.0"
]

[tool.uv]
Expand All @@ -88,3 +89,12 @@ package = true
[tool.ruff]
target-version = "py311"
line-length = 120

[tool.pyrefly]
project-includes = ["**/*"]
project-excludes = [
"**/node_modules",
"**/__pycache__",
"**/*venv/**/*",
"tests/**/*",
]
20 changes: 19 additions & 1 deletion uv.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading