ai-workspace-lab/xworkmate-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release: pin GitHub Actions to specific commits and remove Rust FFI workflow

Browse Source 
- Pin actions/checkout, actions/setup-go, actions/upload-artifact, actions/download-artifact to specific commit hashes for supply chain security
- Remove build-rust-ffi.yml workflow as Rust FFI is no longer used

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Haitao Pan 2026-03-27 13:02:57 +08:00
parent 2aa293b7e1
commit 81c14213d6
2 changed files with 7 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/build-and-release.yml vendored
View File

@ -49,7 +49,7 @@ jobs:
release_notes: ${{ steps.meta.outputs.release_notes }}
steps:
- name: Checkout source
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
fetch-depth: 0
@ -73,7 +73,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
- name: Set up Flutter SDK
uses: ./.github/actions/setup-flutter-sdk
@ -131,7 +131,7 @@ jobs:
ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
steps:
- name: Checkout source
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
- name: Set up Flutter SDK
uses: ./.github/actions/setup-flutter-sdk
@ -140,7 +140,7 @@ jobs:
- name: Install Go
if: ${{ matrix.platform == 'macos' }}
uses: actions/setup-go@v5
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff
with:
go-version: "1.24.1"
@ -153,7 +153,7 @@ jobs:
run: bash ./scripts/ci/build_matrix_artifacts.sh "$PLATFORM" "$ARCH" "$SHOULD_RELEASE"
- name: Upload build artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: build-${{ matrix.platform }}-${{ matrix.arch }}
path: |
@ -177,10 +177,10 @@ jobs:
- build
steps:
- name: Checkout source
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
- name: Download all artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
with:
path: release-artifacts

153
.github/workflows/build-rust-ffi.yml vendored
View File

@ -1,153 +0,0 @@
name: Build Rust FFI
on:
push:
branches: [main, develop]
paths:
- 'rust/**'
- '.github/workflows/build-rust-ffi.yml'
pull_request:
branches: [main]
paths:
- 'rust/**'
workflow_dispatch:
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
jobs:
build-macos:
runs-on: macos-latest
strategy:
matrix:
target: [aarch64-apple-darwin, x86_64-apple-darwin]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
rust/target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Build Rust library
run: |
cd rust
cargo build --release --target ${{ matrix.target }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: libcodex-ffi-${{ matrix.target }}
path: |
rust/target/${{ matrix.target }}/release/libcodex_ffi.dylib
rust/target/${{ matrix.target }}/release/libcodex_ffi.a
build-universal:
needs: build-macos
runs-on: macos-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download aarch64 artifact
uses: actions/download-artifact@v4
with:
name: libcodex-ffi-aarch64-apple-darwin
path: target/aarch64
- name: Download x86_64 artifact
uses: actions/download-artifact@v4
with:
name: libcodex-ffi-x86_64-apple-darwin
path: target/x86_64
- name: Create universal binary
run: |
mkdir -p rust/target/universal
lipo -create \
target/aarch64/libcodex_ffi.dylib \
target/x86_64/libcodex_ffi.dylib \
-output rust/target/universal/libcodex_ffi.dylib
lipo -create \
target/aarch64/libcodex_ffi.a \
target/x86_64/libcodex_ffi.a \
-output rust/target/universal/libcodex_ffi.a
- name: Upload universal artifact
uses: actions/upload-artifact@v4
with:
name: libcodex-ffi-universal
path: |
rust/target/universal/libcodex_ffi.dylib
rust/target/universal/libcodex_ffi.a
test:
runs-on: macos-latest
needs: build-universal
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
rust/target
key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }}
- name: Run Rust tests
run: |
cd rust
cargo test --release
integrate-flutter:
runs-on: macos-latest
needs: build-universal
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download universal artifact
uses: actions/download-artifact@v4
with:
name: libcodex-ffi-universal
path: rust/target/universal
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
flutter-version: '3.24.3'
channel: 'stable'
- name: Copy FFI library to Frameworks
run: |
mkdir -p macos/Frameworks
cp rust/target/universal/libcodex_ffi.dylib macos/Frameworks/
- name: Analyze Flutter code
run: flutter analyze lib/runtime/
- name: Run Flutter tests
run: flutter test test/runtime/