Allow workflow to pass from forked repo PR

[AlexSurtees]

Description

Removes requirement for elevated-permissions access token in test workflow to allow forked PR workflows to pass.

Ignore package.jsons for linting because automated linting is applied by pnpm which clashes with biome causing the workflow to fail.

[netlify]

✅ Deploy Preview for biongff-vizarr ready!

Name	Link
🔨 Latest commit	aa35ea0
🔍 Latest deploy log	https://app.netlify.com/projects/biongff-vizarr/deploys/6a1694b2a9b1b80008269604
😎 Deploy Preview	https://deploy-preview-87--biongff-vizarr.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[Copilot]

Pull request overview

This PR aims to make the CI “Build & Test” workflow succeed for pull requests opened from forked repositories by removing the need for an elevated-permissions checkout token, and by adjusting Biome linting exclusions to avoid conflicts around package.json.

Changes:

• Removed use of secrets.GH_PAT for actions/checkout in the test workflow.
• Updated Biome configuration to ignore selected package.json files during linting.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
biome.json	Expands Biome ignore list to exclude some package.json files from linting.
.github/workflows/test.yml	Removes elevated-permissions checkout token to better support forked PR runs.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[davehorsfall]

This catch by co-pilot seems valid. The workflow will still fail because CODECOV_TOKEN is present. The suggestion of making this conditional is good, as it will then upload code coverage reports for main and local branches, but not for remote repos.

[davehorsfall]

A couple of good comments from co-pilot. However, this might take some trial and ever. Please address comments by co-pilot and merge when you're happy, and see if it helps with the open PRs. Thanks.

[davehorsfall]

This catch by co-pilot seems valid. The workflow will still fail because CODECOV_TOKEN is present. The suggestion of making this conditional is good, as it will then upload code coverage reports for main and local branches, but not for remote repos.

[AlexSurtees]

A couple of good comments from co-pilot. However, this might take some trial and ever. Please address comments by co-pilot and merge when you're happy, and see if it helps with the open PRs. Thanks.

It doesn't, the codecov action implements a workaround (I verified this works by implementing the same changes via a forked repo) However, I can stop the upload for remote repos anyway if that's desirable.