Skip to content

Migrate libdav1d build pipeline to BuildShared and tighten workflow token permissions#3

Merged
cxfksword merged 6 commits intomainfrom
copilot/refactor-lcms2-build-integration
Apr 1, 2026
Merged

Migrate libdav1d build pipeline to BuildShared and tighten workflow token permissions#3
cxfksword merged 6 commits intomainfrom
copilot/refactor-lcms2-build-integration

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 1, 2026

This updates libdav1d-build to the shared MPVKit build/release flow and completes the migration by removing repo-local orchestration logic. It also resolves workflow security findings by explicitly scoping GITHUB_TOKEN permissions for reusable workflow jobs.

  • Build script migration to BuildShared

    • Sources/BuildScripts/Package.swift
      • adds executable product declaration
      • adds BuildShared dependency and target linkage
      • sets macOS platform metadata consistent with shared build scripts
    • Sources/BuildScripts/XCFrameworkBuild/main.swift
      • replaces local command parsing/execution path with BuildRunner.performCommand()
      • adopts BuildLibrary contract for Library
      • updates BuildDav1d init path to pass ArgumentOptions into BaseBuild
      • removes force-unwrap behavior in target URL generation and uses explicit precondition messaging for missing releaseVersion

  • Workflow consolidation to reusable BuildShared workflows

    • .github/workflows/build.yml
      • replaces bespoke build/release steps with mpvkit/BuildShared/.github/workflows/build.yml@main
      • passes library: libdav1d and dispatch version input
    • .github/workflows/check_version.yml
      • replaces custom version-check/PR logic with mpvkit/BuildShared/.github/workflows/check_version.yml@main
      • passes upstream source repo (videolan/dav1d) and library identifier

  • Security hardening for Actions token scope

    • adds explicit job-level permissions for reusable workflow invocations:
      • build job: contents: write
      • check_version job: contents: write, pull-requests: write

  • Repository hygiene/documentation alignment

    • removes obsolete local build implementation file:
      • Sources/BuildScripts/XCFrameworkBuild/base.swift
    • appends Sources/BuildScripts/Package.resolved to .gitignore
    • aligns README/docs template formatting/content with current MPVKit build-repo conventions
// Sources/BuildScripts/XCFrameworkBuild/main.swift
do {
    let options = try BuildRunner.performCommand()
    try BuildDav1d(options: options).buildALL()
} catch {
    print(error.localizedDescription)
    exit(1)
}

Copilot AI and others added 6 commits March 31, 2026 09:26
@cxfksword
refactor: migrate build scripts and workflows to BuildShared
9a2815c 
Agent-Logs-Url: https://github.com/mpvkit/libdav1d-build/sessions/d3ef942b-dd78-4c16-8d93-67aceeaaa85a

Co-authored-by: cxfksword <718792+cxfksword@users.noreply.github.com>
@cxfksword
chore: finalize docs template formatting update
8438d56 
Agent-Logs-Url: https://github.com/mpvkit/libdav1d-build/sessions/d3ef942b-dd78-4c16-8d93-67aceeaaa85a

Co-authored-by: cxfksword <718792+cxfksword@users.noreply.github.com>
@cxfksword
fix: avoid force unwrap in BuildShared release URL generation
172ea6c 
Agent-Logs-Url: https://github.com/mpvkit/libdav1d-build/sessions/d3ef942b-dd78-4c16-8d93-67aceeaaa85a

Co-authored-by: cxfksword <718792+cxfksword@users.noreply.github.com>
@cxfksword
fix: require initialized BuildRunner options for target URLs
8d82dd5 
Agent-Logs-Url: https://github.com/mpvkit/libdav1d-build/sessions/d3ef942b-dd78-4c16-8d93-67aceeaaa85a

Co-authored-by: cxfksword <718792+cxfksword@users.noreply.github.com>
@cxfksword
fix: add explicit token permissions to reusable workflows
20d4415 
Agent-Logs-Url: https://github.com/mpvkit/libdav1d-build/sessions/3007cad1-1654-4172-92cb-b238b78dbc5e

Co-authored-by: cxfksword <718792+cxfksword@users.noreply.github.com>
@cxfksword
chore: clarify releaseVersion precondition message
39a9d06 
Agent-Logs-Url: https://github.com/mpvkit/libdav1d-build/sessions/3007cad1-1654-4172-92cb-b238b78dbc5e

Co-authored-by: cxfksword <718792+cxfksword@users.noreply.github.com>
@cxfksword cxfksword marked this pull request as ready for review April 1, 2026 15:28
@cxfksword cxfksword merged commit fbe6705 into main Apr 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@cxfksword cxfksword

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cxfksword