…e-Engine into develop
…e-Engine into develop
…e-Engine into develop
Added a step to create a swapfile on the runner to help avoid out-of-memory issues during linking.
| strategy: | ||
| matrix: | ||
| include: | ||
| - runs_on: ubuntu-24.04 | ||
| arch: x64 | ||
| platform: linux/amd64 | ||
|
|
||
| runs-on: ${{ matrix.runs_on }} | ||
|
|
||
| steps: | ||
| - name: Free Disk Space on Host | ||
| uses: jlumbroso/free-disk-space@main | ||
| with: | ||
| tool-cache: true | ||
| android: true | ||
| dotnet: true | ||
| haskell: true | ||
| large-packages: true | ||
| docker-images: false | ||
| swap-storage: true | ||
|
|
||
| - uses: actions/checkout@v6.0.0 | ||
| with: | ||
| fetch-depth: 0 | ||
| submodules: recursive | ||
|
|
||
| - name: Create swapfile on runner (helps avoid OOM during linking) | ||
| run: | | ||
| # create 6 GiB swapfile (falls back to dd if fallocate fails) | ||
| sudo swapoff -a || true | ||
| if sudo test -f /swapfile; then | ||
| echo "/swapfile already exists" | ||
| else | ||
| if sudo fallocate -l 6G /swapfile; then | ||
| echo "fallocate succeeded" | ||
| else | ||
| echo "fallocate failed, using dd" | ||
| sudo dd if=/dev/zero of=/swapfile bs=1M count=6144 | ||
| fi | ||
| sudo chmod 600 /swapfile | ||
| sudo mkswap /swapfile | ||
| sudo swapon /swapfile | ||
| echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab | ||
| fi | ||
| swapon --show || true | ||
| free -h || true | ||
|
|
||
| - name: Login to GitHub Container Registry | ||
| run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | ||
|
|
||
| - name: Pull container image | ||
| run: | | ||
| for i in 1 2 3; do | ||
| echo "Attempt $i to pull container..." | ||
| if timeout 900 docker pull ghcr.io/kataglyphis/kataglyphis_beschleuniger:latest; then | ||
| echo "Successfully pulled container" | ||
| exit 0 | ||
| fi | ||
| echo "Pull failed, waiting before retry..." | ||
| sleep 30 | ||
| done | ||
| echo "Failed to pull container after 3 attempts" | ||
| exit 1 | ||
|
|
||
| - name: Setup Flutter in container | ||
| run: | | ||
| docker run --rm \ | ||
| --platform ${{ matrix.platform }} \ | ||
| -v ${{ github.workspace }}:/workspace \ | ||
| -w /workspace \ | ||
| -e FLUTTER_VERSION=${{ env.FLUTTER_VERSION }} \ | ||
| -e MATRIX_ARCH=${{ matrix.arch }} \ | ||
| ghcr.io/kataglyphis/kataglyphis_beschleuniger:latest \ | ||
| bash -lc ' | ||
| set -e | ||
| git config --global --add safe.directory /workspace || true | ||
| git config --global --add safe.directory /workspace/flutter || true | ||
|
|
||
| chmod +x scripts/linux/setup-flutter-x86-64.sh | ||
| ./scripts/linux/setup-flutter-x86-64.sh $FLUTTER_VERSION | ||
| ' | ||
|
|
||
| - name: Run Flutter checks and tests | ||
| run: | | ||
| docker run --rm \ | ||
| --platform ${{ matrix.platform }} \ | ||
| -v ${{ github.workspace }}:/workspace \ | ||
| -w /workspace \ | ||
| ghcr.io/kataglyphis/kataglyphis_beschleuniger:latest \ | ||
| bash -lc ' | ||
| set -e | ||
| export PATH="$PWD/flutter/bin:$PATH" | ||
| git config --global --add safe.directory /workspace || true | ||
| git config --global --add safe.directory /workspace/flutter || true | ||
| flutter pub get | ||
| dart format --output=none --set-exit-if-changed . || true | ||
| dart analyze || true | ||
| flutter test || true | ||
| flutter config --enable-android | ||
| ' | ||
|
|
||
| - name: Build Flutter Android app | ||
| run: | | ||
| docker run --rm \ | ||
| --platform ${{ matrix.platform }} \ | ||
| -v ${{ github.workspace }}:/workspace \ | ||
| -w /workspace \ | ||
| -e APP_NAME=${{ env.APP_NAME }} \ | ||
| -e MATRIX_ARCH=${{ matrix.arch }} \ | ||
| ghcr.io/kataglyphis/kataglyphis_beschleuniger:latest \ | ||
| bash -lc ' | ||
| set -e | ||
| export PATH="$PWD/flutter/bin:$PATH" | ||
| git config --global --add safe.directory /workspace || true | ||
| git config --global --add safe.directory /workspace/flutter || true | ||
|
|
||
| flutter build apk --release | ||
| ' | ||
|
|
||
| - name: Package build artifacts | ||
| run: | | ||
| docker run --rm \ | ||
| --platform ${{ matrix.platform }} \ | ||
| -v ${{ github.workspace }}:/workspace \ | ||
| -w /workspace \ | ||
| -e APP_NAME=${{ env.APP_NAME }} \ | ||
| -e MATRIX_ARCH=${{ matrix.arch }} \ | ||
| ghcr.io/kataglyphis/kataglyphis_beschleuniger:latest \ | ||
| bash -lc ' | ||
| set -e | ||
| rm -rf build/linux/$MATRIX_ARCH/release/obj || true | ||
| rm -rf ~/.pub-cache/hosted || true | ||
| mkdir -p out | ||
| cp -r build/app/outputs/flutter-apk out/${APP_NAME}-bundle | ||
| tar -C out -czf ${APP_NAME}-linux-$MATRIX_ARCH.tar.gz ${APP_NAME}-bundle | ||
| ' | ||
|
|
||
| - name: Upload artifact | ||
| uses: actions/upload-artifact@v6.0.0 | ||
| with: | ||
| name: ${{ env.APP_NAME }}-linux-${{ matrix.arch }}-tar | ||
| path: ${{ env.APP_NAME }}-linux-${{ matrix.arch }}.tar.gz | ||
|
|
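Review bot: `uses: jlumbroso/free-disk-space@main` and every `ghcr.io/kataglyphis/kataglyphis_beschleuniger:latest` reference are mutable, so the code that runs on the runner and inside the build container can change without any commit to this repository; pin the action to a full commit SHA (`uses: jlumbroso/free-disk-space@<full-commit-sha>`) and the image to a digest (`ghcr.io/kataglyphis/kataglyphis_beschleuniger@sha256:<digest>`). In the login step `${{ secrets.GHCR_PAT }}` is substituted into the script text before the shell runs; mapping it under the step's `env:` and piping `printf '%s' "$GHCR_PAT"` into `docker login ... --password-stdin` avoids that, and since the workflow appears to run on `pull_request`, the step will presumably fail for fork PRs, where the secret is empty. In the swapfile step `sudo swapoff -a` runs unconditionally, but the `/swapfile already exists` branch never calls `swapon`, so that path leaves swap disabled; add `sudo swapon /swapfile` there. `dart analyze || true` and `flutter test || true` make the checks step pass regardless of results, which deserves a why-comment if it is intentional.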
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI about 1 month ago
In general, the fix is to explicitly declare the minimal GITHUB_TOKEN permissions required by this workflow. Since the job only checks out code, runs Dockerized build/tests, and uploads artifacts, it only needs read access to repository contents; it does not need to write to the repo, issues, or pull requests.
The best fix with minimal impact is to add a permissions block at the workflow root (top level, alongside on: and env:). This will apply to all jobs within this workflow (there is only the build job) and ensure GITHUB_TOKEN is restricted to contents: read. Concretely, in .github/workflows/dart_build_android_app.yml, between the on: block (lines 8–12) and the env: block (lines 14–17), insert:
permissions:
  contents: read
No additional methods, imports, or configuration are required; this is purely a YAML workflow configuration change.
| @@ -11,6 +11,9 @@ | ||
| pull_request: | ||
| branches: ["main", "develop"] | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| env: | ||
| APP_NAME: kataglyphis-inference-engine-apk | ||
| FLUTTER_VERSION: 3.38.7 # change here to update version for the whole workflow |
| name: 🚀 Deploy website on push | ||
| #runs-on: windows-latest | ||
| runs-on: ubuntu-24.04 | ||
| steps: | ||
| - name: 🚚 Get latest code | ||
| uses: actions/checkout@v6.0.1 | ||
| with: | ||
| fetch-depth: 0 | ||
| submodules: recursive | ||
|
|
||
| - name: Setup Flutter SDK | ||
| uses: flutter-actions/setup-flutter@v4.1 | ||
| with: | ||
| channel: stable | ||
| version: 3.38.5 | ||
|
|
||
| # git submodule update --init --recursive | ||
| - name: Install dependencies | ||
| run: | | ||
| flutter pub get | ||
| cd ExternalLib/jotrockenmitlockenrepo | ||
| flutter pub get | ||
|
|
||
| # Uncomment this step to verify the use of 'dart format' on each commit. | ||
| - name: Verify formatting | ||
| continue-on-error: true | ||
| run: dart format --output=none --set-exit-if-changed . | ||
|
|
||
| # Consider passing '--fatal-infos' for slightly stricter analysis. | ||
| - name: Analyze project source | ||
| continue-on-error: true | ||
| run: dart analyze | ||
|
|
||
| # Your project will need to have tests in test/ and a dependency on | ||
| # package:test for this step to succeed. Note that Flutter projects will | ||
| # want to change this to 'flutter test'. | ||
| - name: Run tests | ||
| continue-on-error: true | ||
| run: | | ||
| flutter test | ||
|
|
||
| - name: Enable flutter web | ||
| run: | | ||
| rustup component add rust-src --toolchain nightly-x86_64-unknown-linux-gnu | ||
| rustup target add wasm32-unknown-unknown --toolchain nightly | ||
| cargo install flutter_rust_bridge_codegen | ||
| flutter config --enable-web | ||
|
|
||
| - name: "Build Web App" | ||
| run: | | ||
| flutter_rust_bridge_codegen build-web \ | ||
| --wasm-pack-rustflags "-Ctarget-feature=+atomics -Clink-args=--shared-memory -Clink-args=--max-memory=1073741824 -Clink-args=--import-memory -Clink-args=--export=__wasm_init_tls -Clink-args=--export=__tls_size -Clink-args=--export=__tls_align -Clink-args=--export=__tls_base" \ | ||
| --release \ | ||
| --rust-root ExternalLib/Kataglyphis-RustProjectTemplate | ||
| flutter build web --release --wasm | ||
|
|
||
| - name: Upload Web App Files for Deployment | ||
| uses: actions/upload-artifact@v6.0.0 | ||
| with: | ||
| name: gstreamer-ai-web-frontend | ||
| path: ${{ env.BUILD_DIR_RELEASE }}/** | ||
| if-no-files-found: error |
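Review bot: `cargo install flutter_rust_bridge_codegen` in the "Enable flutter web" step builds whatever version and dependency set is newest at run time, and `--toolchain nightly` floats as well, so the tool that generates and builds the shipped WASM is not reproducible; consider `cargo install --locked flutter_rust_bridge_codegen --version <version-used-by-the-project>` and a dated nightly (`nightly-<YYYY-MM-DD>`). `flutter-actions/setup-flutter@v4.1` is a third-party action referenced by tag; a full commit SHA is the safer pin. The Flutter version here is `3.38.5`, while the Android workflow on this page sets `FLUTTER_VERSION: 3.38.7`; if the difference is not intentional, a single shared value would avoid drift. With `continue-on-error: true` on formatting, analysis and tests, a job named "Deploy website on push" can upload an artifact from a failing tree, so a why-comment such as `# non-blocking until existing findings are fixed` would help if this is deliberate.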
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI about 1 month ago
In general, fix this by adding an explicit permissions: block that grants only the minimal required scopes to GITHUB_TOKEN. You can add it at the root level (applies to all jobs) or inside the specific job. Since this workflow has a single job and it only needs to read repository contents (for actions/checkout) and upload build artifacts (which does not require repo write permissions), the best minimal configuration is permissions: contents: read.
Concretely, edit .github/workflows/dart_on_web_linux.yml and add:
- A `permissions:` block at the root, between `name:` and `env:` (or between `name:` and `on:`; either is valid), setting `contents: read`.
No additional imports, methods, or other definitions are needed; this is purely a YAML configuration change.
| @@ -5,6 +5,9 @@ | ||
|
|
||
| name: Build + test + run for web | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| env: | ||
| LOCAL_ASSETS_FOLDER: "assets" | ||
| BUILD_DIR_RELEASE: "build/web" |
Pull request overview
This pull request refactors the project structure by reorganizing Rust dependencies, updating configurations, and streamlining the web frontend. The changes focus on moving from an embedded Rust directory to an external Rust project template structure, updating Flutter and dependency versions, and removing several data-related pages from the application.
Changes:
- Migrated Rust integration from embedded `rust/` directory to external `ExternalLib/Kataglyphis-RustProjectTemplate` path
- Updated Flutter SDK requirement from 3.35.6 to 3.38.3/3.38.7 and bumped various dependency versions
- Removed Books, Films, Games, and Quotes pages along with their configurations, simplifying the application to focus on Stream, Landing, and About Me pages
Reviewed changes
Copilot reviewed 162 out of 307 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| web/javascript/webrtc/gstwebrtc-api-3.0.0.esm.js | Added WebRTC API library for streaming functionality |
| web/javascript/utils.js | New utility for multi-language message handling |
| web/javascript/cookies.js | Cookie consent management implementation |
| web/index.html | Enhanced with WebRTC support, cookie notice, and loading animations |
| scripts/windows/build-windows.ps1 | Refactored build script with parameterization and improved error handling |
| scripts/windows/add-gstreamer-to-path.ps1 | New script for GStreamer environment configuration |
| scripts/linux/setup-flutter-*.sh | Updated Flutter version from 3.35.6 to 3.38.3 |
| scripts/ai/demo_*.py | Added various AI demo scripts for YOLO integration with GStreamer |
| pubspec.yaml | Updated dependencies and renamed Rust package reference |
| rust_builder/* | Updated Rust builder configurations to point to external template |
| lib/src/rust/* | Updated generated Rust bridge code with new API methods |
| lib/Pages/StreamPage/* | Added WebRTC view implementation with platform-specific variants |
| lib/Pages/DataPage/* | Removed Books, Films, Games, Quotes pages and related configurations |
| lib/Routing/jotrockenmitlocken_router.dart | Reordered navigation to prioritize Stream page and removed data pages |
| macos/* | Removed entire macOS platform support directory |
Files not reviewed (3)
- ios/Runner.xcodeproj/project.xcworkspace/contents.xcworkspacedata: Language not supported
- ios/Runner.xcworkspace/contents.xcworkspacedata: Language not supported
- macos/Runner.xcworkspace/contents.xcworkspacedata: Language not supported
| const notice = document.getElementById('cookie-notice'); | ||
| const consentBtn = document.getElementById('cookie-consent'); | ||
| const cookieKey = 'cookie-consent'; | ||
| const cookieConsentValue = 'true' |
Missing semicolon at the end of the statement. While JavaScript has automatic semicolon insertion, explicit semicolons improve code consistency with the rest of the file.
| const cookieConsentValue = 'true' | |
| const cookieConsentValue = 'true'; |
|
|
||
| switch (language) { | ||
| case "de": | ||
| message=messageDe |
Missing spaces around the assignment operator. Add spaces before and after = for consistency with line 17 and standard JavaScript style conventions.
| message=messageDe | |
| message = messageDe |
| console.warn('SharedArrayBuffer nicht verfügbar'); | ||
| } else { | ||
| console.log('SharedArrayBuffer verfügbar'); |
The console message is in German ("nicht verfügbar") while the corresponding else block on line 98 is in English ("verfügbar"). Consider using English consistently for console messages to maintain code readability across international teams.
| console.warn('SharedArrayBuffer nicht verfügbar'); | |
| } else { | |
| console.log('SharedArrayBuffer verfügbar'); | |
| console.warn('SharedArrayBuffer not available'); | |
| } else { | |
| console.log('SharedArrayBuffer available'); |
scripts/windows/build-windows.ps1
Outdated
| param([Parameter(Mandatory=$true)][string]$Path) | ||
|
|
||
| if (-not (Test-Path $Path)) { | ||
| Write-Host "Build root existiert nicht: $Path" |
German text "existiert nicht" in an otherwise English codebase. Change to "Build root does not exist: $Path" for consistency.
| Write-Host "Build root existiert nicht: $Path" | |
| Write-Host "Build root does not exist: $Path" |
scripts/windows/build-windows.ps1
Outdated
| # Beende potentiell sperrrende Prozesse | ||
| Write-Host "Beende potentiell sperrrende Prozesse..." |
Contains a typo "sperrrende" (three r's) and uses German. Should be "Terminate potentially blocking processes" in English.
| # Beende potentiell sperrrende Prozesse | |
| Write-Host "Beende potentiell sperrrende Prozesse..." | |
| # Terminate potentially blocking processes | |
| Write-Host "Terminating potentially blocking processes..." |
| _video = web.HTMLVideoElement() | ||
| ..autoplay = true | ||
| ..muted = | ||
| true // helps autoplay |
The comment on line 43 explains why muted is set to true, but lacks complete context. Consider expanding: "// Muted required for autoplay to work in most browsers without user interaction" for better clarity.
| true // helps autoplay | |
| true // Required by most browser autoplay policies to allow autoplay without prior user interaction |
Added debug echo statements to check Flutter path and existence.
Updated script to verify Flutter installation and build process.
Added permission handling and ownership fixes for Flutter executable.
No description provided.