Skip to content

Test and run #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
successbase wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Test and run #89

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
96ada9a
Add GitHub Actions workflow for publishing releases
successbase Apr 17, 2026
e923e07
Add GitHub Actions workflow for Azure Web App deployment
successbase Apr 17, 2026
f989537
Update README.md
successbase Apr 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions .github/workflows/azure-webapps-node.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
# This workflow will build and push a node.js application to an Azure Web App when a commit is pushed to your default branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-nodejs?tabs=linux&pivots=development-environment-cli
#
# To configure this workflow:
#
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
#
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables below.
#
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples

on:
push:
branches: [ "main" ]
workflow_dispatch:

env:
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
Copy link
Copy Markdown

@cursor cursor Bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unconfigured placeholder app name in deployment workflow

High Severity

AZURE_WEBAPP_NAME is set to the template placeholder your-app-name rather than an actual Azure Web App name. This workflow triggers on every push to main and on workflow_dispatch, so it will attempt a real deployment to a non-existent app, causing the deploy job to fail every time. This appears to be a GitHub-provided starter template committed without being configured.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit e923e07. Configure here.

AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '20.x' # set this to the node version to use

permissions:
contents: read

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'

- name: npm install, build, and test
run: |
npm install
npm run build --if-present
npm run test --if-present

- name: Upload artifact for deployment job
uses: actions/upload-artifact@v4
with:
name: node-app
path: .

deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
name: 'Development'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}

steps:
- name: Download artifact from build job
uses: actions/download-artifact@v4
with:
name: node-app

- name: 'Deploy to Azure WebApp'
id: deploy-to-webapp
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
25 changes: 25 additions & 0 deletions .github/workflows/publish-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Publish Release

on:
pull_request:
types: [closed]

jobs:
publish-release:
permissions:
contents: write
if: |
github.event.pull_request.merged == true &&
startsWith(github.event.pull_request.head.ref, 'release/')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Get Node.js version
id: nvm
run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc)
Comment thread
successbase marked this conversation as resolved.
Comment thread
successbase marked this conversation as resolved.
- uses: actions/setup-node@v2
with:
node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
- uses: MetaMask/action-publish-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Copy link
Copy Markdown

@cursor cursor Bot Apr 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Workflow is exact duplicate of template file

Low Severity

.github/workflows/publish-release.yml is a byte-for-byte copy of workflow-templates/publish-release.yml. In a .github organization template repository, the workflow-templates/ directory provides templates for other repos to adopt. Placing the same content in .github/workflows/ activates it as a live workflow for this repo, which is likely unintentional and makes it an active duplicate of the template it's meant to distribute.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit f989537. Configure here.

21 changes: 21 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,22 @@
name: Build and Test

on:
push:
branches:
- main

jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Create .env file
run: |
echo "NODE_ENV=production" >> .env
echo "DATABASE_URL=postgresql://localhost:5432/mydb" >> .env
Copy link
Copy Markdown

@cursor cursor Bot Apr 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hardcoded database URL exposed in README

Medium Severity

A hardcoded DATABASE_URL=postgresql://localhost:5432/mydb is committed in README.md. While this appears to be a localhost development URL, committing database connection strings (even local ones) sets a bad precedent and could leak infrastructure details. Unlike API_KEY on the next line which correctly uses secrets, this connection string is in plaintext in a public-facing file.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit f989537. Configure here.

echo "API_KEY=${{ secrets.API_KEY }}" >> .env
- name: Use .env file
run: |
source .env
echo "Environment: $NODE_ENV"
Copy link
Copy Markdown

@cursor cursor Bot Apr 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

README.md overwritten with workflow YAML content

High Severity

The entire README.md has been replaced with a GitHub Actions workflow YAML definition (name: Build and Test, on: push, jobs:, etc.) instead of Markdown documentation. This content won't execute as a workflow from README.md — workflows must live under .github/workflows/. The previous README documentation is now lost, and visitors to the repo will see raw YAML instead of project docs.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit f989537. Configure here.