Conversation
|
@asasine 👋 This repository doesn't have Copilot instructions. With Copilot instructions, I can understand the repository better, work faster and produce higher quality PRs. I can generate a .github/copilot-instructions.md file for you automatically. Click here to open a pre-filled issue and assign it to me. I'll write the instructions, and then tag you for review. |
… binaries Co-authored-by: asasine <5421969+asasine@users.noreply.github.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Build and upload binaries | ||
| runs-on: ${{ matrix.os }} | ||
|
|
||
| strategy: | ||
| matrix: | ||
| include: | ||
| - os: ubuntu-latest | ||
| target: x86_64-unknown-linux-gnu | ||
| suffix: "" | ||
| - os: ubuntu-latest | ||
| target: x86_64-unknown-linux-musl | ||
| suffix: "" | ||
| - os: ubuntu-latest | ||
| target: aarch64-unknown-linux-gnu | ||
| suffix: "" | ||
| - os: windows-latest | ||
| target: x86_64-pc-windows-msvc | ||
| suffix: .exe | ||
| - os: macos-latest | ||
| target: x86_64-apple-darwin | ||
| suffix: "" | ||
| - os: macos-latest | ||
| target: aarch64-apple-darwin | ||
| suffix: "" | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v5 | ||
|
|
||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable | ||
| with: | ||
| targets: ${{ matrix.target }} | ||
|
|
||
| - name: Install cross-compilation tools | ||
| if: matrix.target == 'aarch64-unknown-linux-gnu' | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y gcc-aarch64-linux-gnu | ||
|
|
||
| - name: Install musl tools | ||
| if: matrix.target == 'x86_64-unknown-linux-musl' | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y musl-tools | ||
|
|
||
| - name: Configure cross-compilation | ||
| if: matrix.target == 'aarch64-unknown-linux-gnu' | ||
| run: | | ||
| echo 'CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc' >> $GITHUB_ENV | ||
|
|
||
| - name: Build binaries | ||
| run: cargo build --release --target ${{ matrix.target }} | ||
|
|
||
| - name: Create archive directory | ||
| run: mkdir -p artifacts | ||
|
|
||
| - name: Prepare binaries (Unix) | ||
| if: matrix.os != 'windows-latest' | ||
| run: | | ||
| cp target/${{ matrix.target }}/release/spongebob${{ matrix.suffix }} artifacts/ | ||
| cp target/${{ matrix.target }}/release/goodboye${{ matrix.suffix }} artifacts/ | ||
|
|
||
| - name: Prepare binaries (Windows) | ||
| if: matrix.os == 'windows-latest' | ||
| run: | | ||
| copy target\${{ matrix.target }}\release\spongebob${{ matrix.suffix }} artifacts\ | ||
| copy target\${{ matrix.target }}\release\goodboye${{ matrix.suffix }} artifacts\ | ||
|
|
||
| - name: Create tar.gz archive (Unix) | ||
| if: matrix.os != 'windows-latest' | ||
| run: | | ||
| cd artifacts | ||
| tar -czf ../spongebob-${{ github.ref_name }}-${{ matrix.target }}.tar.gz * | ||
|
|
||
| - name: Create zip archive (Windows) | ||
| if: matrix.os == 'windows-latest' | ||
| run: | | ||
| cd artifacts | ||
| 7z a ../spongebob-${{ github.ref_name }}-${{ matrix.target }}.zip * | ||
|
|
||
| - name: Upload tar.gz to release (Unix) | ||
| if: matrix.os != 'windows-latest' | ||
| uses: softprops/action-gh-release@v2 | ||
| with: | ||
| files: ./spongebob-${{ github.ref_name }}-${{ matrix.target }}.tar.gz | ||
|
|
||
| - name: Upload zip to release (Windows) | ||
| if: matrix.os == 'windows-latest' | ||
| uses: softprops/action-gh-release@v2 | ||
| with: | ||
| files: ./spongebob-${{ github.ref_name }}-${{ matrix.target }}.zip No newline at end of file |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 months ago
The best way to fix this is to explicitly declare a minimal permissions block at the job level for build-and-upload in .github/workflows/release-binaries.yaml. Since this job only uploads binaries to releases, the smallest necessary permission is contents: write (needed by softprops/action-gh-release to upload release assets). If future jobs only need to read the repository, contents: read would suffice for those, but for this job, contents: write is required.
To implement this, add a permissions: section under build-and-upload at the same indentation level as name: (line 12). No new methods, imports, or special definitions are needed—just an update to the YAML structure.
| @@ -10,6 +10,8 @@ | ||
| jobs: | ||
| build-and-upload: | ||
| name: Build and upload binaries | ||
| permissions: | ||
| contents: write | ||
| runs-on: ${{ matrix.os }} | ||
|
|
||
| strategy: |
Co-authored-by: asasine <5421969+asasine@users.noreply.github.com>
This PR implements automated binary releases to support
cargo binstall spongebobinstallation, providing a faster alternative to compiling from source.Changes Made
GitHub Actions Workflow
.github/workflows/release-binaries.yamlthat automatically builds cross-platform binaries when releases are publishedcargo-binstall Configuration
[package.metadata.binstall]section toCargo.tomlwith URL template for binary discoveryDocumentation Update
cargo binstall spongebobas the primary installation methodcargo install spongebobas an alternative for users who prefer building from sourceBenefits
The workflow will activate automatically with the next release. Both the main
spongebobbinary and thegoodboyebinary are included in each archive.Fixes #29.
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/repos/asasine/spongebob/releases/195215770/assetscurl -s REDACTED(http block)If you need me to access, download, or install something from one of these locations, you can either:
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.