From 7809b170112d74cb1a910081101ea497776050c8 Mon Sep 17 00:00:00 2001 From: Sourabh Mehta Date: Tue, 30 Jun 2026 10:52:36 +0200 Subject: [PATCH 1/5] Block Runs --- .github/workflows/Run_RPS_AppKit-E8.yml | 29 +++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml index dea636c..c803e0e 100644 --- a/.github/workflows/Run_RPS_AppKit-E8.yml +++ b/.github/workflows/Run_RPS_AppKit-E8.yml @@ -27,8 +27,33 @@ permissions: actions: read jobs: + fork-restricted: + name: Private runner restricted + # trigger this only for forks, to prevent them from action runout + if: ${{ github.repository != 'Arm-Examples/ModelNova' }} + runs-on: ubuntu-latest + + steps: + - name: Notify runner restriction + run: | + MESSAGE="Workflows on the private runner are restricted for security reasons." + GUIDANCE="Contributors can validate changes using GitHub-hosted runners." + echo "${MESSAGE}" + echo "${GUIDANCE}" + { + echo "## ⚠️ AppKit-E8 hardware test was not run" + echo "" + echo "${MESSAGE}" + echo "" + echo "${GUIDANCE}" + } >> "$GITHUB_STEP_SUMMARY" + exit 1 + CI: - if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success') }} + if: >- + ${{ (github.event_name == 'workflow_dispatch' || + (github.event.workflow_run.conclusion == 'success' && + github.event.workflow_run.head_repository.full_name == 'Arm-Examples/ModelNova')) }} runs-on: [self-hosted, rsp-p5-01] steps: @@ -56,7 +81,7 @@ jobs: nohup pyocd run --uid L96807771A --cbuild-run SDS+AppKit-E8-U85.cbuild-run.yml --timelimit 30 --eot > pyocd.out 2>&1 & - name: Start the SDSIO server on the Raspberry Pi - working-directory: ./RockPaperScissors/AppKit-E8_USB + working-directory: ./RockPaperScissors/AppKit-E8_USB run: | sleep 2 # Delay to ensure that pyOCD is started sdsio-server --control SDS.sdsio.yml --playback --exit-after-playback --no-progress-info | tee sdsio-server.log 
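Review bot: The `fork-restricted` condition `github.repository != 'Arm-Examples/ModelNova'` in the `@@ -27,8 +27,33 @@` hunk matches only runs that execute inside a fork. `github.repository` names the repository the workflow runs in, so a pull request opened from a fork against this repository still evaluates it as false. The guard that actually keeps fork-built artifacts off the self-hosted runner is the `github.event.workflow_run.head_repository.full_name` comparison added to `CI`. The comment on the job should say so, for example `# fires only when this workflow runs inside a fork; fork PRs are gated by the head_repository check on CI`. The `workflow_dispatch` arm of the `CI` condition has no repository check, which is presumably acceptable because dispatching requires write access, and that is worth a one-line comment too.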
From 4d85bce6add4af88dea27b5539a227e3aa166026 Mon Sep 17 00:00:00 2001 From: Sourabh Mehta Date: Tue, 30 Jun 2026 14:50:34 +0200 Subject: [PATCH 2/5] Chaining of the workflows --- .github/workflows/Build_RPS_AppKit-E8.yml | 9 ++++++++ .github/workflows/Run_RPS_AppKit-E8.yml | 26 ++++++----------------- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/.github/workflows/Build_RPS_AppKit-E8.yml b/.github/workflows/Build_RPS_AppKit-E8.yml index 262ffd1..7d2db29 100644 --- a/.github/workflows/Build_RPS_AppKit-E8.yml +++ b/.github/workflows/Build_RPS_AppKit-E8.yml @@ -22,6 +22,10 @@ on: push: branches: [main] +permissions: + contents: read + actions: read + jobs: CI: runs-on: ubuntu-latest @@ -67,3 +71,8 @@ jobs: name: RPS_AppKit-E8-U85_HIL path: | ./RockPaperScissors/AppKit-E8_USB/out + + HARDWARE-RUN: + needs: [ CI ] + uses: ./.github/workflows/Run_RPS_AppKit-E8.yml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml index c803e0e..f047411 100644 --- a/.github/workflows/Run_RPS_AppKit-E8.yml +++ b/.github/workflows/Run_RPS_AppKit-E8.yml 
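Review bot: `secrets: inherit` on the new `HARDWARE-RUN` job in the `@@ -67,3 +71,8 @@` hunk passes every secret available to this workflow to the job that runs on the self-hosted runner. As far as the hunks in this series show, the called workflow only uses `${{ github.token }}`. Dropping the `secrets: inherit` line, or passing individually named secrets under `secrets:` once one is needed, keeps the hardware runner from holding credentials it does not use. `HARDWARE-RUN` also has no `if:` of its own, so whether the hardware is touched depends entirely on the conditions inside `Run_RPS_AppKit-E8.yml`. The Build hunk in PATCH 3/5 adds the same lines.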
@@ -17,43 +17,31 @@ name: Run RPS on AppKit-E8 Hardware on: workflow_dispatch: - workflow_run: - workflows: ["Build RPS for AppKit-E8 Hardware"] - types: [completed] - branches: [main] + workflow_call: permissions: contents: read actions: read jobs: - fork-restricted: - name: Private runner restricted - # trigger this only for forks, to prevent them from action runout - if: ${{ github.repository != 'Arm-Examples/ModelNova' }} + FORK-CHECK: + if: ${{ github.repository != 'Arm-Examples/ModelNova' && github.event_name == 'workflow_dispatch' }} runs-on: ubuntu-latest steps: - - name: Notify runner restriction + - name: Notify Runner Restriction run: | MESSAGE="Workflows on the private runner are restricted for security reasons." - GUIDANCE="Contributors can validate changes using GitHub-hosted runners." echo "${MESSAGE}" - echo "${GUIDANCE}" { echo "## ⚠️ AppKit-E8 hardware test was not run" echo "" echo "${MESSAGE}" - echo "" - echo "${GUIDANCE}" } >> "$GITHUB_STEP_SUMMARY" exit 1 CI: - if: >- - ${{ (github.event_name == 'workflow_dispatch' || - (github.event.workflow_run.conclusion == 'success' && - github.event.workflow_run.head_repository.full_name == 'Arm-Examples/ModelNova')) }} + if: ${{ ((github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' ) && github.repository == 'Arm-Examples/ModelNova') }} runs-on: [self-hosted, rsp-p5-01] steps: @@ -63,10 +51,8 @@ jobs: token: ${{ github.token }} - name: Download Build Artifact - if: ${{ github.event_name == 'workflow_run' }} - uses: dawidd6/action-download-artifact@v17 + uses: actions/download-artifact@v8 with: - run_id: ${{ github.event.workflow_run.id }} name: RPS_AppKit-E8-U85_HIL path: ./RockPaperScissors/AppKit-E8_USB/out From 6db1e0590ceb9c79ec63c87ce72afe58939e0fa6 Mon Sep 17 00:00:00 2001 
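Review bot: The rewritten `CI` condition in the `@@ -17,43 +17,31 @@` hunk lets pull requests from forks reach the `[self-hosted, rsp-p5-01]` runner. Under `workflow_call` the `github` context is the caller's, and the Build workflow has a `pull_request` trigger (visible in PATCH 4/5's context), so for a fork PR `github.event_name` is `pull_request` and `github.repository` is still `Arm-Examples/ModelNova`. The `head_repository.full_name` check from PATCH 1/5 is removed without a replacement, and the `FORK-CHECK` job fires only for `workflow_dispatch` inside a fork. The pull_request arm should compare the head repository, e.g. `(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)`. The condition also no longer matches `push`, so builds of `main` would skip the hardware run, which may not be intended; the `@@ -16,44 +16,31 @@` hunk in PATCH 3/5 carries the same condition.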
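Review bot: `actions/download-artifact@v8` in the `@@ -63,10 +51,8 @@` hunk is referenced by a movable tag, in a job that executes on the self-hosted runner attached to the board. Pinning it to a full commit SHA with the tag kept as a trailing comment, `uses: actions/download-artifact@<full-commit-sha> # v8`, fixes exactly which code runs on that machine. The same line appears in the `@@ -63,10 +50,8 @@` hunk of PATCH 3/5, and the `steps:` list continues outside both hunks.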
From: Sourabh Mehta Date: Tue, 30 Jun 2026 14:50:34 +0200 Subject: [PATCH 3/5] Chaining of the workflows --- .github/workflows/Build_RPS_AppKit-E8.yml | 9 ++++++++ .github/workflows/Run_RPS_AppKit-E8.yml | 27 +++++------------------ 2 files changed, 15 insertions(+), 21 deletions(-) diff --git a/.github/workflows/Build_RPS_AppKit-E8.yml b/.github/workflows/Build_RPS_AppKit-E8.yml index 262ffd1..7d2db29 100644 --- a/.github/workflows/Build_RPS_AppKit-E8.yml +++ b/.github/workflows/Build_RPS_AppKit-E8.yml @@ -22,6 +22,10 @@ on: push: branches: [main] +permissions: + contents: read + actions: read + jobs: CI: runs-on: ubuntu-latest @@ -67,3 +71,8 @@ jobs: name: RPS_AppKit-E8-U85_HIL path: | ./RockPaperScissors/AppKit-E8_USB/out + + HARDWARE-RUN: + needs: [ CI ] + uses: ./.github/workflows/Run_RPS_AppKit-E8.yml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml index c803e0e..d3cbfc8 100644 --- a/.github/workflows/Run_RPS_AppKit-E8.yml +++ b/.github/workflows/Run_RPS_AppKit-E8.yml 
@@ -16,44 +16,31 @@ name: Run RPS on AppKit-E8 Hardware on: - workflow_dispatch: - workflow_run: - workflows: ["Build RPS for AppKit-E8 Hardware"] - types: [completed] - branches: [main] + workflow_call: permissions: contents: read actions: read jobs: - fork-restricted: - name: Private runner restricted - # trigger this only for forks, to prevent them from action runout - if: ${{ github.repository != 'Arm-Examples/ModelNova' }} + FORK-CHECK: + if: ${{ github.repository != 'Arm-Examples/ModelNova' && github.event_name == 'workflow_dispatch' }} runs-on: ubuntu-latest steps: - - name: Notify runner restriction + - name: Notify Runner Restriction run: | MESSAGE="Workflows on the private runner are restricted for security reasons." - GUIDANCE="Contributors can validate changes using GitHub-hosted runners." echo "${MESSAGE}" - echo "${GUIDANCE}" { echo "## ⚠️ AppKit-E8 hardware test was not run" echo "" echo "${MESSAGE}" - echo "" - echo "${GUIDANCE}" } >> "$GITHUB_STEP_SUMMARY" exit 1 CI: - if: >- - ${{ (github.event_name == 'workflow_dispatch' || - (github.event.workflow_run.conclusion == 'success' && - github.event.workflow_run.head_repository.full_name == 'Arm-Examples/ModelNova')) }} + if: ${{ ((github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' ) && github.repository == 'Arm-Examples/ModelNova') }} runs-on: [self-hosted, rsp-p5-01] steps: @@ -63,10 +50,8 @@ jobs: token: ${{ github.token }} - name: Download Build Artifact - if: ${{ github.event_name == 'workflow_run' }} - uses: dawidd6/action-download-artifact@v17 + uses: actions/download-artifact@v8 with: - run_id: ${{ github.event.workflow_run.id }} name: RPS_AppKit-E8-U85_HIL path: ./RockPaperScissors/AppKit-E8_USB/out From 78b257fec67823d9ba3413cc14332271e563054e Mon Sep 17 00:00:00 2001 
From: Sourabh Mehta <73165318+soumeh01@users.noreply.github.com> Date: Tue, 30 Jun 2026 15:48:38 +0200 Subject: [PATCH 4/5] Rename workflow for clarity --- .github/workflows/Build_RPS_AppKit-E8.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Build_RPS_AppKit-E8.yml b/.github/workflows/Build_RPS_AppKit-E8.yml index 7d2db29..938f7cd 100644 --- a/.github/workflows/Build_RPS_AppKit-E8.yml +++ b/.github/workflows/Build_RPS_AppKit-E8.yml @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: Build RPS for AppKit-E8 Hardware +name: Build and Run RPS on AppKit-E8 Hardware on: workflow_dispatch: pull_request: @@ -75,4 +75,4 @@ jobs: HARDWARE-RUN: needs: [ CI ] uses: ./.github/workflows/Run_RPS_AppKit-E8.yml - secrets: inherit \ No newline at end of file + secrets: inherit From f8c8f3953dda89ff2fdad71c062a7cd01fb4f572 Mon Sep 17 00:00:00 2001 From: Sourabh Mehta <73165318+soumeh01@users.noreply.github.com> Date: Tue, 30 Jun 2026 16:13:11 +0200 Subject: [PATCH 5/5] Rename job FORK-CHECK to RUNNER-GATE --- .github/workflows/Run_RPS_AppKit-E8.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml index d3cbfc8..9d46202 100644 --- a/.github/workflows/Run_RPS_AppKit-E8.yml +++ b/.github/workflows/Run_RPS_AppKit-E8.yml @@ -23,7 +23,7 @@ permissions: actions: read jobs: - FORK-CHECK: + RUNNER-GATE: if: ${{ github.repository != 'Arm-Examples/ModelNova' && github.event_name == 'workflow_dispatch' }} runs-on: ubuntu-latest