Conversation
test
release build for mac
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
10
to
66
| name: Build and Release macOS Binaries | ||
| runs-on: macos-latest # The job will run on a macOS runner | ||
|
|
||
| steps: | ||
| # Checkout the repository | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 # Correct use of 'uses' within steps | ||
|
|
||
| # Set up Rust toolchain | ||
| - name: Set up Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable # Set up the Rust toolchain | ||
|
|
||
| # Build for macOS Intel (x86_64) | ||
| - name: Build for macOS Intel | ||
| run: | | ||
| cargo build --release --target x86_64-apple-darwin | ||
|
|
||
| # Build for macOS ARM (aarch64) | ||
| - name: Build for macOS ARM | ||
| run: | | ||
| cargo build --release --target aarch64-apple-darwin | ||
|
|
||
| # Create the binaries directory if it doesn't exist | ||
| - name: Create release binaries directory | ||
| run: | | ||
| mkdir -p target/release/binaries | ||
|
|
||
| # Copy the macOS Intel binary into the binaries directory | ||
| - name: Copy macOS Intel binary | ||
| run: | | ||
| cp target/x86_64-apple-darwin/release/shell_command_menu target/release/binaries/shell_command_menu_intel | ||
|
|
||
| # Copy the macOS ARM binary into the binaries directory | ||
| - name: Copy macOS ARM binary | ||
| run: | | ||
| cp target/aarch64-apple-darwin/release/shell_command_menu target/release/binaries/shell_command_menu_arm | ||
|
|
||
| # Zip and rename the Intel binary | ||
| - name: Zip and rename the macOS Intel binary | ||
| run: | | ||
| cd target/release/binaries | ||
| tar -czf shell_command_menu_macos_intel.tgz shell_command_menu_intel # Create a .tgz archive for Intel | ||
|
|
||
| # Zip and rename the ARM binary | ||
| - name: Zip and rename the macOS ARM binary | ||
| run: | | ||
| cd target/release/binaries | ||
| tar -czf shell_command_menu_macos_arm.tgz shell_command_menu_arm # Create a .tgz archive for ARM | ||
|
|
||
| # Upload the binaries to the GitHub release | ||
| - name: Upload binaries to GitHub release | ||
| uses: softprops/action-gh-release@v2.2.2 # Use the updated version of gh-release | ||
| with: | ||
| token: ${{ secrets.GH_PAT_CLI_MENU }} # GitHub token for authentication | ||
| files: | | ||
| target/release/binaries/shell_command_menu_macos_intel.tgz # Upload the Intel .tgz file | ||
| target/release/binaries/shell_command_menu_macos_arm.tgz # Upload the ARM .tgz file |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 9 months ago
To fix the issue, we will add a permissions block at the workflow level to explicitly define the least privileges required. Since the workflow primarily interacts with repository contents (e.g., checking out the repository and uploading binaries), we will set contents: read as the minimal permission. Additionally, the softprops/action-gh-release step uses a personal access token (secrets.GH_PAT_CLI_MENU) for authentication, so no additional permissions are required for the GITHUB_TOKEN.
Suggested changeset
1
.github/workflows/release_mac.yml
| @@ -7,2 +7,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: |
Copilot is powered by AI and may make mistakes. Always verify output.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.