@stacksjb
Owner

No description provided.

Comment on lines 10 to 66
name: Build and Release macOS Binaries
runs-on: macos-latest # The job will run on a macOS runner

steps:
# Checkout the repository
- name: Checkout repository
uses: actions/checkout@v4 # Correct use of 'uses' within steps

# Set up Rust toolchain
- name: Set up Rust toolchain
uses: dtolnay/rust-toolchain@stable # Set up the Rust toolchain

# Build for macOS Intel (x86_64)
- name: Build for macOS Intel
run: |
cargo build --release --target x86_64-apple-darwin

# Build for macOS ARM (aarch64)
- name: Build for macOS ARM
run: |
cargo build --release --target aarch64-apple-darwin

# Create the binaries directory if it doesn't exist
- name: Create release binaries directory
run: |
mkdir -p target/release/binaries

# Copy the macOS Intel binary into the binaries directory
- name: Copy macOS Intel binary
run: |
cp target/x86_64-apple-darwin/release/shell_command_menu target/release/binaries/shell_command_menu_intel

# Copy the macOS ARM binary into the binaries directory
- name: Copy macOS ARM binary
run: |
cp target/aarch64-apple-darwin/release/shell_command_menu target/release/binaries/shell_command_menu_arm

# Zip and rename the Intel binary
- name: Zip and rename the macOS Intel binary
run: |
cd target/release/binaries
tar -czf shell_command_menu_macos_intel.tgz shell_command_menu_intel # Create a .tgz archive for Intel

# Zip and rename the ARM binary
- name: Zip and rename the macOS ARM binary
run: |
cd target/release/binaries
tar -czf shell_command_menu_macos_arm.tgz shell_command_menu_arm # Create a .tgz archive for ARM

# Upload the binaries to the GitHub release
- name: Upload binaries to GitHub release
uses: softprops/action-gh-release@v2.2.2 # Use the updated version of gh-release
with:
token: ${{ secrets.GH_PAT_CLI_MENU }} # GitHub token for authentication
files: |
target/release/binaries/shell_command_menu_macos_intel.tgz # Upload the Intel .tgz file
target/release/binaries/shell_command_menu_macos_arm.tgz # Upload the ARM .tgz file
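
Review bot: In the "files: |" input of the upload step, the trailing "# Upload the Intel .tgz file" and "# Upload the ARM .tgz file" sit inside a literal block scalar, so they are passed to the action as part of each entry instead of being read as YAML comments. Move those comments onto their own lines above "files:" so that each entry is only the archive path. Separately, actions/checkout@v4, dtolnay/rust-toolchain@stable and softprops/action-gh-release@v2.2.2 are referenced by tag or branch name; because this job handles secrets.GH_PAT_CLI_MENU, pinning each one to a full commit SHA would keep a moved tag from changing what code runs with that token.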

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 8 months ago

To fix the issue, we will add a permissions block at the workflow level to explicitly define the least privileges required. Since the workflow primarily interacts with repository contents (e.g., checking out the repository and uploading binaries), we will set contents: read as the minimal permission. Additionally, the softprops/action-gh-release step uses a personal access token (secrets.GH_PAT_CLI_MENU) for authentication, so no additional permissions are required for the GITHUB_TOKEN.


Suggested changeset 1
.github/workflows/release_mac.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release_mac.yml b/.github/workflows/release_mac.yml
--- a/.github/workflows/release_mac.yml
+++ b/.github/workflows/release_mac.yml
@@ -7,2 +7,5 @@
 
+permissions:
+  contents: read
+
 jobs:
EOF
@@ -7,2 +7,5 @@

permissions:
contents: read

jobs:
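
Review bot: The workflow-level "permissions: contents: read" added above "jobs:" narrows only the GITHUB_TOKEN; the release upload step authenticates with secrets.GH_PAT_CLI_MENU, so what that step can do is set by the PAT's own scope and is untouched by this block. Consider restricting the PAT to this repository with contents write only, or dropping it and granting the release job "permissions: contents: write" so the default token performs the upload and the grant is visible in the workflow file.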
@stacksjb closed this May 27, 2025
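
A small local check for the condition the CodeQL alert above reports, as an added example that is not part of this pull request or of CodeQL. It is an indentation-based heuristic, not a YAML parser, and the sample workflow (job id `build`, trigger `on: push`) is constructed for illustration.

```python
import re

# Matches a mapping key at the start of a line; "- name:" list items do not match.
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")

def jobs_without_permissions(workflow_text):
    """Return ids of jobs that inherit the default GITHUB_TOKEN scope.

    Indentation-based heuristic, not a YAML parser: a job is flagged when
    neither the workflow nor the job itself has a `permissions` key.
    """
    section = job = job_indent = key_indent = None
    workflow_level = False
    jobs = {}  # job id -> True once a job-level permissions key is seen
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # blank lines, comments, list items, block scalar text
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            section, job, job_indent = key, None, None
            workflow_level |= key == "permissions"
        elif section == "jobs":
            if job_indent is None:
                job_indent = indent          # first key under jobs: is a job id
            if indent == job_indent:
                job, key_indent = key, None
                jobs[job] = False
            elif job is not None:
                if key_indent is None:
                    key_indent = indent      # indentation of this job's own keys
                if indent == key_indent and key == "permissions":
                    jobs[job] = True
    return [] if workflow_level else [j for j, ok in jobs.items() if not ok]

# Constructed sample shaped like the workflow above; job id and trigger are assumed.
BEFORE = """\
name: Release macOS
on: push
jobs:
  build:
    runs-on: macos-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
"""
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\n\njobs:")

if __name__ == "__main__":
    print("before:", jobs_without_permissions(BEFORE))
    print("after: ", jobs_without_permissions(AFTER))
```

Run over every file in .github/workflows, a non-empty result marks a workflow that would raise the same alert.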