| needs: index-packages | ||
| uses: ./.github/workflows/test-deb-packages.yml | ||
| with: | ||
| pkg-type: nightly | ||
|
|
||
| test-rpm-packages: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions
Copilot Autofix
AI 6 months ago
To fix the problem, we should add an explicit permissions section at the top level of the workflow (recommended for consistency and coverage, unless fine-grained per-job tuning is preferred). Start with the minimal set required: for workflows mainly reading source and uploading artifacts, and those using reusable workflows (which may require more), the base should be contents: read, possibly packages: write or actions: write if needed. A conservative starting point is to use contents: read, and as needed add additional write privileges to specific jobs. Since without changing functionality we can’t guess the least needed, adopt the minimal starting point as suggested by CodeQL.
Changes needed:
- Insert a `permissions:` block after the workflow name and before `on:`
- Use `permissions: {}` for absolute minimum starting (denies all except metadata), or `contents: read` (which is normally safe for most workflows unless writing is needed). Since jobs upload artifacts and potentially publish Docker images, some jobs may need broader permissions, but the initial fix is to add the recommended minimal block.
- All changes are in .github/workflows/nightly-release.yml.
| @@ -1,4 +1,5 @@ | ||
| name: Nightly release | ||
| permissions: {} | ||
|
|
||
| on: | ||
| workflow_dispatch: |
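Review bot: Job-level `permissions:` entries are missing for the jobs that need token access. With `permissions: {}` placed right after `name: Nightly release`, every job in the workflow runs with an empty grant, and a called reusable workflow (such as the `uses: ./.github/workflows/test-deb-packages.yml` job flagged above) cannot receive more than its caller has. Add explicit job-level blocks for the jobs that read the repository or publish with the token in the same change, and confirm the result with a manual `workflow_dispatch` run before merging.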
13a2d09 to e716cd5
Signed-off-by: Hofi <[email protected]>
…already set (e.g. when manually triggered) Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]> # Conflicts: # dbld/builddeps Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]>
…e on the github UI) Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]>
…M as well Signed-off-by: Hofi <[email protected]>
Signed-off-by: Tamas Pal <[email protected]> Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]>
Signed-off-by: Hofi <[email protected]>
e716cd5 to c1390eb
d37b5d4 to a961ba7
Signed-off-by: Hofi <[email protected]>
a961ba7 to d8f6a8a
Signed-off-by: Hofi <[email protected]>
d8f6a8a to ff90601
New package formats, platforms, and architectures!
- The long-awaited RPM repository is here: we have RHEL-8, RHEL-9, and RHEL-10 packages available, both for amd64 and arm64 architectures; just download and install the repository definition
- We fixed the publishing of our arm64 DEB packages
- Added new DEB packages for Debian Trixie, both for amd64 and arm64
- New DBLD docker images for Rocky-9, OpenSuse Tumbleweed, Ubuntu Plucky, and Debian Trixie
Resolves #5429
Resolves #5391
Successful Nightly run: https://github.com/syslog-ng/syslog-ng/actions/runs/17322559693
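A simplified version of the condition the CodeQL alert in this thread reports ("Workflow does not contain permissions"), as an added example that is not part of the pull request or of CodeQL: it lists jobs that have neither a workflow-level nor a job-level `permissions:` block. The sample workflow is constructed (job names follow the snippet above; the runner, the step and the RPM workflow path are assumptions), and the parser assumes block-style YAML with consistent indentation.

```python
import re

KEY = re.compile(r"^(\s*)([A-Za-z0-9_.-]+):")  # a block-style "key:" line

# Constructed sample: job names follow the page's snippet; runner, step and the
# RPM workflow path are assumptions. AFTER adds the suggested top-level block.
BEFORE = """\
name: Nightly release
on:
  workflow_dispatch:
jobs:
  index-packages:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps: [{run: "echo index"}]
  test-deb-packages:
    needs: index-packages
    uses: ./.github/workflows/test-deb-packages.yml
    with:
      pkg-type: nightly
  test-rpm-packages:
    needs: index-packages
    uses: ./.github/workflows/test-rpm-packages.yml
"""
AFTER = BEFORE.replace("name: Nightly release\n",
                       "name: Nightly release\npermissions: {}\n")


def audit_permissions(workflow_text):
    """Return (has_workflow_level_block, jobs_with_no_permissions_in_effect)."""
    top_level, jobs = False, {}
    section = job = job_indent = key_indent = None
    for m in filter(None, map(KEY.match, workflow_text.splitlines())):
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:                      # new top-level section
            section, job, job_indent = key, None, None
            top_level = top_level or key == "permissions"
        elif section == "jobs":
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:         # a job id directly under jobs:
                job, key_indent = key, None
                jobs[job] = False
            else:
                key_indent = indent if key_indent is None else key_indent
                if indent == key_indent and key == "permissions":
                    jobs[job] = True         # job-level block, not a nested input
    missing = [] if top_level else [j for j, ok in jobs.items() if not ok]
    return top_level, missing
```

On the constructed input, the two reusable-workflow jobs are reported before the top-level block is added and none afterwards; the audit says nothing about whether the granted scopes are sufficient for each job.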