feat: add Huawei and email_reply_to_address parameters to Notification#61
feat: add Huawei and email_reply_to_address parameters to Notification#61sherwinski merged 1 commit intomainfrom
Conversation
onesignal-deploy
force-pushed
the
user-api-updates
branch
2 times, most recently
from
5c747e6 to
ba3553b
Compare
onesignal-deploy
force-pushed
the
user-api-updates
branch
from
ba3553b to
1928efa
Compare
onesignal-deploy
force-pushed
the
user-api-updates
branch
from
1928efa to
c9a5a87
Compare
sherwinski
force-pushed
the
user-api-updates
branch
from
c9a5a87 to
ce62201
Compare
sherwinski
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Publish to PyPI | ||
| needs: release | ||
| if: needs.release.outputs.new_release_published == 'true' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v5 | ||
| - name: Set up Python 3.10 | ||
| uses: actions/setup-python@v6 | ||
| with: | ||
| python-version: "3.10" | ||
| - name: Install pypa/build | ||
| run: >- | ||
| python -m | ||
| pip install | ||
| build | ||
| --user | ||
| - name: Build a binary wheel and a source tarball | ||
| run: >- | ||
| python -m | ||
| build | ||
| --sdist | ||
| --wheel | ||
| --outdir dist/ | ||
| . | ||
| - name: Publish a Python distribution to PyPI | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| user: __token__ | ||
| password: ${{ secrets.PYPI_API_TOKEN }} | ||
| verbose: true |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 days ago
To fix the problem, the publish job needs an explicit permissions block limiting the default GITHUB_TOKEN privileges to only what is required. This job checks out the repository and runs build and publish steps, but does not need to write to the repository or manipulate issues/PRs. The minimal recommended permission is contents: read, which allows checkout and reading repository files but not pushing changes, creating releases, or modifying other resources.
Concretely, in .github/workflows/release.yml, under the publish job (line 43 onwards), add a permissions: section at the same indentation level as runs-on: and needs:. Set it to:
permissions:
contents: readThis keeps existing functionality intact: actions/checkout still works, the job still builds artifacts and publishes to PyPI using the PyPI token, and no other behavior is changed. No imports or additional methods are needed, as this is purely a YAML configuration change within the workflow.
| @@ -45,6 +45,8 @@ | ||
| needs: release | ||
| if: needs.release.outputs.new_release_published == 'true' | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| steps: | ||
| - uses: actions/checkout@v5 | ||
| - name: Set up Python 3.10 |
sherwinski
changed the title
email_reply_to_address parameters to Notification
sherwinski
changed the title
email_reply_to_address parameters to Notification
sherwinski
force-pushed
the
user-api-updates
branch
from
d8cc5ac to
c1c2f7c
Compare
sherwinski
changed the title
## [5.3.0](v5.2.0...v5.3.0) (2026-03-24) ### Features * add Huawei and email_reply_to_address parameters to Notification ([#61](#61)) ([58ed6cc](58ed6cc)) [skip ci]
|
🎉 This PR is included in version 5.3.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
2 participants
Features
Adds the following
Notificationparameters:huawei_badge_classhuawei_badge_add_numhuawei_badge_set_numhuawei_categoryhuawei_bi_tagemail_reply_to_address