Conversation

@cpendery (Member)

No description provided.

Signed-off-by: Chapman Pendery <[email protected]>
Comment on lines +10 to +54
strategy:
matrix:
include:
- os: macos-latest
arch: arm64
artifact-name: inshellisense-darwin-arm64
- os: macos-15-intel
arch: x64
artifact-name: inshellisense-darwin-x64
- os: ubuntu-latest
arch: x64
artifact-name: inshellisense-linux-x64
- os: ubuntu-24.04-arm
arch: arm64
artifact-name: inshellisense-linux-arm64
- os: windows-latest
arch: x64
artifact-name: inshellisense-win32-x64
- os: windows-11-arm
arch: arm64
artifact-name: inshellisense-win32-arm64

runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4

- name: Use Node.js 22.x
uses: actions/setup-node@v3
with:
node-version: 22

- run: npm ci

- run: npm run build

- run: npm run package

- name: Upload binary artifact
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.artifact-name }}
path: pkg/*.tgz
if-no-files-found: error

combine:
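Review bot: the arch value in the matrix is never read by any step, so it only annotates the runner at the moment; either drop it or pass it to npm run package through env: if the packaging script needs to know the target architecture. Two smaller points in the same hunk: actions/setup-node@v3 lags the @v4 used for checkout and upload-artifact, and every action is pinned by a mutable major tag rather than a commit SHA, which is the usual hardening for a workflow that produces release packages.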

Check warning (Code scanning / CodeQL): Workflow does not contain permissions [Medium]

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix (AI, 6 days ago)

In general, this should be fixed by explicitly declaring a permissions block to limit what the GITHUB_TOKEN can do. The safest and simplest approach is to set permissions at the workflow root so it applies to all jobs that don’t override it. For this workflow, we can restrict contents to read, which is sufficient for actions/checkout and all subsequent build/packaging steps, and no other permissions are needed.

Concretely, in .github/workflows/pkg.yml, add a root-level permissions: block between the name: and on: keys. This block will look like:

permissions:
  contents: read

No other changes to jobs or steps are required. This does not change any existing functionality, because none of the steps rely on write access to repository contents or other resources; it only reduces the potential impact if a job is compromised.

Suggested changeset 1
.github/workflows/pkg.yml

Autofix patch. Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/.github/workflows/pkg.yml b/.github/workflows/pkg.yml
--- a/.github/workflows/pkg.yml
+++ b/.github/workflows/pkg.yml
@@ -1,5 +1,8 @@
 name: Package
 
+permissions:
+  contents: read
+
 on:
   push:
     tags:
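Review bot: a root-level contents: read is the right minimal scope here, since checkout needs it and, as the comment above notes, the build and artifact steps need nothing further; be aware that this patch is byte-for-byte the same as the autofix attached to the combine alert below, so apply it once only, because a second git apply will fail when the context it expects (name: Package, a blank line, then on:) no longer matches after the first.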
EOF
Comment on lines +55 to +69
needs: build
runs-on: ubuntu-latest
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
merge-multiple: true

- name: Upload combined artifact
uses: actions/upload-artifact@v4
with:
name: inshellisense-all
path: artifacts/*.tgz
if-no-files-found: error No newline at end of file
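Review bot: merge-multiple: true flattens all six artifacts into the single artifacts/ directory, so if two platform builds produce a tarball with the same file name under pkg/, the later download silently overwrites the earlier one and inshellisense-all ships fewer packages than expected; confirm that npm run package puts the platform and architecture in the tarball name, or drop merge-multiple and keep one subdirectory per artifact. Also, without a pattern: the step downloads every artifact in the run, and the file is missing its trailing newline.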

Check warning (Code scanning / CodeQL): Workflow does not contain permissions [Medium]

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix (AI, 6 days ago)

In general, the fix is to explicitly define a permissions block that restricts the GITHUB_TOKEN to the minimal scopes necessary. Because this workflow only checks out code, installs dependencies, builds/packages, and uploads/downloads artifacts, it only requires read access to repository contents; it does not need to write to issues, pull requests, or repository contents. The best fix is to add a permissions block at the root of the workflow so it applies to all jobs (build and combine) without altering their behavior.

Concretely, in .github/workflows/pkg.yml, insert a permissions: section after the name: Package line (line 1) and before the on: block. Set contents: read as a safe minimal scope. No additional imports or methods are required; this is purely a YAML configuration change to the workflow file. The jobs and steps remain unchanged.

Suggested changeset 1
.github/workflows/pkg.yml

Autofix patch. Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/.github/workflows/pkg.yml b/.github/workflows/pkg.yml
--- a/.github/workflows/pkg.yml
+++ b/.github/workflows/pkg.yml
@@ -1,5 +1,8 @@
 name: Package
 
+permissions:
+  contents: read
+
 on:
   push:
     tags:
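Review bot: this hunk is identical to the one suggested for the build-job alert above and must not be applied a second time. The alert for combine lists {} as the minimal starting point because that job never checks out the repository, so once the root block is in place a job-level permissions: {} on combine would tighten it further without changing the build job.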
EOF
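The permissions rule CodeQL raised on both jobs, and the root-level fix both autofix comments propose, as an added example that is not part of the PR or of the inshellisense project: a small checker that flags jobs without explicit GITHUB_TOKEN permissions, and a helper that inserts the root block the way the autofix does. It assumes two-space YAML indentation and a constructed workflow in the shape of pkg.yml.

```python
"""Added example, not from the PR or the inshellisense project: a minimal version
of the CodeQL check raised above (jobs inheriting the default GITHUB_TOKEN permissions)
and the root-level fix the autofix applies. Assumes two-space YAML indentation; no PyYAML."""

# Constructed sample shaped like the PR's pkg.yml before the autofix.
WORKFLOW_BEFORE = """\
name: Package
on:
  push:
    tags: ["v*"]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  combine:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
"""

def find_unscoped_jobs(yaml_text: str) -> list[str]:
    """Return jobs whose token permissions are set neither at root nor on the job."""
    root_scoped, in_jobs, current, jobs = False, False, None, {}
    for line in yaml_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key = line.strip().split(":", 1)[0]
        if indent == 0:                      # workflow-level key
            in_jobs, current = key == "jobs", None
            root_scoped |= key == "permissions"
        elif in_jobs and indent == 2 and line.rstrip().endswith(":"):
            current = key                    # a job id under jobs:
            jobs[current] = False
        elif in_jobs and indent == 4 and current and key == "permissions":
            jobs[current] = True             # job-level override present
    return [job for job, scoped in jobs.items() if not (scoped or root_scoped)]

def add_root_permissions(yaml_text: str, scopes: dict[str, str]) -> str:
    """Insert a root permissions block after name:, as the autofix does.
    An empty scopes dict yields 'permissions: {}', the tightest setting."""
    body = "permissions: {}" if not scopes else "permissions:\n" + "\n".join(
        f"  {scope}: {level}" for scope, level in scopes.items())
    lines = yaml_text.splitlines()
    idx = next(i for i, ln in enumerate(lines) if ln.startswith("name:"))
    lines.insert(idx + 1, body)
    return "\n".join(lines) + "\n"
```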