Skip to content

add windows support and sdk distribution support#21

Merged
xianshijing-lk merged 8 commits intomainfrom
sxian/CLT-2385/CLT-2386/add_windows_support_and_sdk_dist
Dec 30, 2025
Merged

add windows support and sdk distribution support#21
xianshijing-lk merged 8 commits intomainfrom
sxian/CLT-2385/CLT-2386/add_windows_support_and_sdk_dist

Conversation

@xianshijing-lk
Copy link
Collaborator

@xianshijing-lk xianshijing-lk commented Dec 25, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 25, 2025
View reviewed changes
.github/workflows/make-release.yml
Comment on lines +20 to +107
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
name: linux-x86_64
generator: Ninja
- os: windows-latest
name: windows-x86_64
generator: "Visual Studio 17 2022"
- os: macos-latest
name: macos-arm64
generator: Ninja
macos_arch: "arm64"
# optionally add x86_64 mac build if you need it:
# - os: macos-latest
# name: macos-x86_64
# generator: Ninja
# macos_arch: "x86_64"

name: Build (${{ matrix.name }})
runs-on: ${{ matrix.os }}

steps:
- uses: actions/checkout@v4
with:
submodules: true

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable

- name: Install Protoc
uses: arduino/setup-protoc@v2
with:
version: "25.2"
repo-token: ${{ secrets.GITHUB_TOKEN }}

- name: Install deps (Ubuntu)
if: startsWith(matrix.os, 'ubuntu')
run: |
sudo apt-get update
sudo apt-get install -y ninja-build cmake pkg-config libprotobuf-dev libssl-dev

- name: Install deps (macOS)
if: startsWith(matrix.os, 'macos')
run: |
brew update
brew install ninja cmake protobuf openssl abseil

- name: Install deps (Windows)
if: startsWith(matrix.os, 'windows')
shell: pwsh
run: |
choco install ninja cmake -y

- name: Build + bundle
shell: bash
run: |
chmod +x ./build.sh
args=(release -G "${{ matrix.generator }}" \
--version "${{ steps.ver.outputs.version }}" \
--bundle --prefix "sdk-out/livekit-sdk-${{ matrix.name }}")
if [[ "${{ runner.os }}" == "macOS" && -n "${{ matrix.macos_arch }}" ]]; then
args+=(--macos-arch "${{ matrix.macos_arch }}")
fi
./build.sh "${args[@]}"

- name: Archive (Unix)
if: ${{ !startsWith(matrix.os, 'windows') }}
shell: bash
run: |
tar -czf "livekit-sdk-${{ matrix.name }}.tar.gz" -C sdk-out "livekit-sdk-${{ matrix.name }}"

- name: Archive (Windows)
if: startsWith(matrix.os, 'windows')
shell: pwsh
run: |
Compress-Archive -Path "sdk-out/livekit-sdk-${{ matrix.name }}/*" -DestinationPath "livekit-sdk-${{ matrix.name }}.zip"

- name: Upload build artifact
uses: actions/upload-artifact@v4
with:
name: sdk-builds-${{ matrix.name }}
path: |
livekit-sdk-${{ matrix.name }}.tar.gz
livekit-sdk-${{ matrix.name }}.zip

release:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 2 months ago

In general, the problem is fixed by explicitly defining a permissions: block so that the GITHUB_TOKEN is granted only the scopes needed by the workflow/job. For this workflow, the build job needs only read access to the repository contents (for actions/checkout and any token-based access used by other actions), while the release job already declares contents: write because it creates and uploads a GitHub Release.

The least intrusive fix that preserves existing behavior is to add a top-level permissions: block after the on: section, setting contents: read. This establishes a minimal default for all jobs. The release job already overrides this with its own permissions: block, so it will remain unchanged. No other functionality, steps, or actions need to be modified.

Concretely:

  • Edit .github/workflows/make-release.yml.
  • After the on: block (after line 13 in the snippet), add:
permissions:
  contents: read
  • Leave the release job’s existing permissions: block as-is, since it correctly grants contents: write for release creation and uploading assets.

No new imports, methods, or additional definitions are required.

Suggested changeset 1
.github/workflows/make-release.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/make-release.yml b/.github/workflows/make-release.yml
--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@@ -11,6 +11,9 @@
         required: false
         type: string
 
+permissions:
+  contents: read
+
 env:
   BUILD_TYPE: Release
   TAG_NAME: ${{ inputs.tag || github.ref_name }}
EOF
@@ -11,6 +11,9 @@
required: false
type: string

permissions:
contents: read

env:
BUILD_TYPE: Release
TAG_NAME: ${{ inputs.tag || github.ref_name }}
Copilot is powered by AI and may make mistakes. Always verify output.
@xianshijing-lk xianshijing-lk mentioned this pull request Dec 28, 2025
Closed
cloudwebrtc
cloudwebrtc approved these changes Dec 29, 2025
View reviewed changes
Copy link
Contributor

@cloudwebrtc cloudwebrtc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@xianshijing-lk xianshijing-lk merged commit fe55a9a into main Dec 30, 2025
5 checks passed
@xianshijing-lk xianshijing-lk deleted the sxian/CLT-2385/CLT-2386/add_windows_support_and_sdk_dist branch December 30, 2025 05:25
@xianshijing-lk xianshijing-lk mentioned this pull request Dec 30, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cloudwebrtc cloudwebrtc cloudwebrtc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xianshijing-lk @cloudwebrtc