Skip to content

Finalising the new scp process #302

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 16, 2025
Merged

Finalising the new scp process #302

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .github/FUNDING.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# These are supported funding model platforms

ko_fi: afxgroup
41 changes: 0 additions & 41 deletions .github/actions/scp-deb-server/action.yml
View file
Open in desktop

This file was deleted.

11 changes: 10 additions & 1 deletion .github/workflows/_compile.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,17 +84,25 @@ jobs:
run: sudo apt-get update && sudo apt-get install -y openssh-client

- name: Setup SSH key
if: ${{ inputs.spe == 'no' }}
run: |
mkdir -p ~/.ssh
echo "$SSH_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -p $SSH_PORT -H $SSH_HOST >> ~/.ssh/known_hosts

- name: Before script
if: ${{ inputs.spe == 'no' }}
run: |
echo "Remove old release"
ssh -i ~/.ssh/id_rsa \
-p $SSH_PORT \
-o StrictHostKeyChecking=no \
$SSH_USER@$SSH_HOST \
"rm /opt/amigarepo/ubuntu/pool/main/clib4-v*_amd64.deb"

- name: Upload via SCP
if: ${{ inputs.spe == 'no' }}
run: |
scp -i ~/.ssh/id_rsa \
-P $SSH_PORT \
Expand All @@ -103,6 +111,7 @@ jobs:
$SSH_USER@$SSH_HOST:/opt/amigarepo/ubuntu/pool/main

- name: After script
if: ${{ inputs.spe == 'no' }}
run: |
echo "Regenerate the packages"
ssh -i ~/.ssh/id_rsa \
Expand All @@ -112,7 +121,7 @@ jobs:
"sh /root/regenerate-packages.sh"

- name: SSH Cleanup
if: always()
if: ${{ inputs.spe == 'no' }}
run: |
rm -f ~/.ssh/id_rsa

Expand Down
39 changes: 20 additions & 19 deletions .github/workflows/makeRelease.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
on:
release:
branches:
- scp-actions
- master
types:
- published

Expand All @@ -17,23 +17,24 @@
spe: "no"
secrets: inherit


# compile-spe:
# name: Build for PowerPC SPE cpus
# uses: ./.github/workflows/_compile.yml
# with:
# git_tag: ${{ github.event.release.tag_name }}
# gcc: 6
# spe: "yes"
compile-spe:
name: Build for PowerPC SPE cpus
uses: ./.github/workflows/_compile.yml
with:
git_tag: ${{ github.event.release.tag_name }}
gcc: 6
spe: "yes"
Comment on lines 20 to +27

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix the problem, add an explicit permissions block to the workflow file. This can be done at the top level (applies to all jobs) or at the job level (for more granular control). The minimal starting point is to set permissions: {} at the workflow level, which disables all default permissions for the GITHUB_TOKEN. If any jobs require specific permissions (e.g., to read repository contents or create releases), those can be added as needed. In this case, since the jobs appear to only build and send notifications, the minimal block is likely sufficient. The change should be made at the top of the file, after the name and before on.

Suggested changeset 1
.github/workflows/makeRelease.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/makeRelease.yml b/.github/workflows/makeRelease.yml
--- a/.github/workflows/makeRelease.yml
+++ b/.github/workflows/makeRelease.yml
@@ -1,3 +1,4 @@
+permissions: {}
 name: Make a new release
 
 on:
EOF
@@ -1,3 +1,4 @@
permissions: {}
name: Make a new release

on:
Copilot is powered by AI and may make mistakes. Always verify output.
secrets: inherit

# announcements:
# needs: [compile-ppc, compile-spe]
# name: Notify on Discord on successful release
# runs-on: ubuntu-latest
# steps:
# - name: Notify on Discord on successful release
# uses: hunghg255/action-notifications@master
# with:
# discord_webhook: https://discord.com/api/webhooks/${{ secrets.DISCORD_ANNOUNCEMENTS_ID }}/${{ secrets.DISCORD_ANNOUNCEMENTS_TOKEN }}
# title: "clib4 ${{ github.event.release.tag_name }} released"
# description: "Check it out at: ${{ github.event.release.html_url }}"
announcements:
needs: [compile-ppc, compile-spe]
name: Notify on Discord on successful release
runs-on: ubuntu-latest
steps:
- name: Notify on Discord on successful release
uses: hunghg255/action-notifications@master
with:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 2 months ago

To fix the problem, you should add a permissions block to the workflow file .github/workflows/makeRelease.yml. This block can be added at the top level (applies to all jobs) or at the job level (applies to individual jobs). The best way is to add it at the top level, just below the name and before the on block, to ensure all jobs inherit the least privilege unless overridden. For a release workflow that builds artifacts and sends notifications, the minimal permissions required are typically contents: read (to read repository contents) and possibly pull-requests: write if you create or update pull requests, but in this case, only reading contents is likely needed. If any job requires more permissions, you can override at the job level. For now, add:

permissions:
  contents: read

just after the name: line.

Suggested changeset 1
.github/workflows/makeRelease.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/makeRelease.yml b/.github/workflows/makeRelease.yml
--- a/.github/workflows/makeRelease.yml
+++ b/.github/workflows/makeRelease.yml
@@ -1,3 +1,5 @@
+permissions:
+  contents: read
 name: Make a new release
 
 on:
EOF
@@ -1,3 +1,5 @@
permissions:
contents: read
name: Make a new release

on:
Copilot is powered by AI and may make mistakes. Always verify output.
discord_webhook: https://discord.com/api/webhooks/${{ secrets.DISCORD_ANNOUNCEMENTS_ID }}/${{ secrets.DISCORD_ANNOUNCEMENTS_TOKEN }}
title: "clib4 ${{ github.event.release.tag_name }} released"
description: "Check it out at: ${{ github.event.release.html_url }}"
4 changes: 2 additions & 2 deletions .github/workflows/mergeMainBranches.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ name: Merge into main branches
on:
pull_request:
branches:
- master_disabled
- development_disabled
- master
- development
types:
- closed

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/prChecks.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: Pull request build
on:
pull_request:
branches:
- master_disabled
- master
types:
- opened
- reopened
Expand Down
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
[![ko-fi](https://img.shields.io/badge/Buy%20me%20a%20Ko--fi-F16061?style=flat&logo=ko-fi&logoColor=white)](https://ko-fi.com/afxgroup)

# Clib4 - C runtime library for AmigaOS4

[![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause)
Expand Down