anxious fiddling

Author: daniel-noland

.github/workflows/build.yml

@@ -17,12 +17,30 @@ on:
 
 jobs:
   matrix:
+    permissions:
+      issues: "write"
+      pull-requests: "write"
+      packages: "write"
+      contents: "write"
+      id-token: "write"
     name: "matrix"
     runs-on:
       - "lab"
     outputs:
       matrix: "${{ steps.matrix.outputs.matrix }}"
     steps:
+      - name: "SCIENCE"
+        uses: "actions/github-script@v7"
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          script: |
+            let fs = require('fs');
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "# science is a verb now"
+            });
       - uses: "actions/checkout@v4"
       - uses: "dtolnay/rust-toolchain@stable"
       - uses: "cargo-bins/cargo-binstall@main"
@@ -105,6 +123,8 @@ jobs:
       max-parallel: 3
       matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }}
     permissions:
+      issues: "write"
+      pull-requests: "write"
       packages: "write"
       contents: "write"
       id-token: "write"
@@ -149,21 +169,24 @@ jobs:
       - name: "step summary"
         continue-on-error: true # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB
         run: |
-          echo "# Outdated packages:" >> "$GITHUB_STEP_SUMMARY"
-          echo "" >> "$GITHUB_STEP_SUMMARY"
-          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md >> $GITHUB_STEP_SUMMARY
-          
-          echo "" >> "$GITHUB_STEP_SUMMARY"
-          echo "# Vuln scan (gnu64):" >> "$GITHUB_STEP_SUMMARY"
-          echo "" >> "$GITHUB_STEP_SUMMARY"
-          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md >> $GITHUB_STEP_SUMMARY
-          
-          echo "" >> "$GITHUB_STEP_SUMMARY"
-          echo "# Runtime SBOM (gnu64):" >> "$GITHUB_STEP_SUMMARY"
-          echo "" >> "$GITHUB_STEP_SUMMARY"
-          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.sbom.md >> $GITHUB_STEP_SUMMARY
-          
-          echo "" >> "$GITHUB_STEP_SUMMARY"
+          {
+            echo "# Outdated packages (gnu64):";
+            echo "";
+            cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md;
+            echo "";
+            echo "# Outdated packages (musl64):";
+            echo "";
+            cat /tmp/dpdk-sys/builds/env.sysroot.musl64.outdated.md;
+            echo "";
+            echo "# Vuln scan (gnu64):";
+            echo "";
+            cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md;
+            echo "";
+            echo "# Vuln scan (musl64):";
+            echo "";
+            cat /tmp/dpdk-sys/builds/env.sysroot.musl64.vulns.triage.md;
+            echo "";
+          } >> $GITHUB_STEP_SUMMARY
       - name: "remove links from /tmp/dpdk-sys/builds"
         run: |
           for f in /tmp/dpdk-sys/builds/*; do
@@ -179,6 +202,68 @@ jobs:
         timeout-minutes: 60
         with:
           limit-access-to-actor: true
+      - name: "outdated packages (gnu64)"
+        uses: "actions/github-script@v7"
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          script: |
+            let fs = require('fs');
+            let body = "# Outdated packages (gnu64):\n";
+            body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md');
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            });
+
+      - name: "outdated packages (musl64)"
+        uses: "actions/github-script@v7"
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          script: |
+            let fs = require('fs');
+            let body = "# Outdated packages (musl64):\n";
+            body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.musl64.outdated.md');
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            });
+
+      - name: "Vulnerable packages (gnu64)"
+        uses: "actions/github-script@v7"
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          script: |
+            let fs = require('fs');
+            let body = "# Vulnerable packages (gnu64):\n";
+            body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md');
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            });
+
+      - name: "Vulnerable packages (musl64)"
+        uses: "actions/github-script@v7"
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          script: |
+            let fs = require('fs');
+            let body = "# Vulnerable packages (musl64):\n";
+            body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.musl64.vulns.triage.md');
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            });
 
   summary:
     name: "summary"