Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 55 additions & 0 deletions .github/workflows/post-view-count-concurrency-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: Post View Count Concurrency Test (x50)

on:
workflow_dispatch:

jobs:
repeat-test:
runs-on: ubuntu-latest
permissions:
contents: read
checks: write

steps:
- name: Checkout master
uses: actions/checkout@v4
with:
ref: master
Comment on lines +14 to +17

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

persist-credentials: false 추가를 권장합니다.

actions/checkout@v4는 기본적으로 GitHub 토큰을 git config에 저장합니다. 이 워크플로우는 테스트 실행만 수행하므로 credential 지속이 불필요하며, 보안 노출면을 줄이기 위해 persist-credentials: false를 명시하는 것이 좋습니다.

🔒️ 제안하는 수정
       - name: Checkout master
         uses: actions/checkout@v4
         with:
           ref: master
+          persist-credentials: false
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Checkout master
uses: actions/checkout@v4
with:
ref: master
- name: Checkout master
uses: actions/checkout@v4
with:
ref: master
persist-credentials: false
🧰 Tools
🪛 zizmor (1.26.1)

[warning] 14-17: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/post-view-count-concurrency-test.yml around lines 14 - 17,
In the Checkout master step using actions/checkout@v4, explicitly disable
persisted GitHub credentials by setting persist-credentials to false, since this
workflow only runs tests and does not need git-auth persistence. Update the
existing checkout configuration in the workflow job so the actions/checkout
invocation includes the new security setting alongside ref: master.

Source: Linters/SAST tools


- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4

- name: Make Gradle wrapper executable
run: chmod +x ./gradlew

- name: Run test 50 times
run: |
set +e
FAIL_COUNT=0
for i in $(seq 1 50); do
echo "=== Run $i/50 ==="
./gradlew test --tests "com.example.solidconnection.concurrency.PostViewCountConcurrencyTest.게시글을_조회할_때_조회수_동시성_문제를_해결한다" --rerun-tasks
STATUS=$?
mkdir -p build/repeat-test-results/run-$i
cp -r build/test-results/test/. build/repeat-test-results/run-$i/ 2>/dev/null || true
if [ $STATUS -ne 0 ]; then
FAIL_COUNT=$((FAIL_COUNT + 1))
echo "Run $i FAILED"
fi
done
echo "Total failures: $FAIL_COUNT / 50"
if [ $FAIL_COUNT -ne 0 ]; then
exit 1
fi

- name: Publish Test Report
uses: mikepenz/action-junit-report@v5
if: success() || failure()
with:
report_paths: 'build/repeat-test-results/**/TEST-*.xml'
Loading