From ed28bd2b52c62629f09f06aeaec05b70161d1240 Mon Sep 17 00:00:00 2001
From: Joachim Krech <8290187+jkrech@users.noreply.github.com>
Date: Mon, 22 Jun 2026 14:47:11 +0200
Subject: [PATCH 1/6] Change label format in playback test sequence
---
 RockPaperScissors/AppKit-E8_USB/SDS.sdsio.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/RockPaperScissors/AppKit-E8_USB/SDS.sdsio.yml b/RockPaperScissors/AppKit-E8_USB/SDS.sdsio.yml
index 379452a..833ad42 100644
--- a/RockPaperScissors/AppKit-E8_USB/SDS.sdsio.yml
+++ b/RockPaperScissors/AppKit-E8_USB/SDS.sdsio.yml
@@ -20,7 +20,8 @@ sdsio:
 # Defines a playback test sequence
 play:
 - step: "Test 0: ML_In.0.sds"
- labels: [ 0 ]
+ labels:
+ - "0"
 - step: "Test 1: ML_In.rock.1.sds + ML_In.rock.2.sds + ML_In.rock.3.sds"
 labels:
 - rock.1
From 935a36b52376e788edd97df64757e7f2e44856c3 Mon Sep 17 00:00:00 2001
From: Sourabh Mehta
Date: Mon, 22 Jun 2026 15:34:44 +0200
Subject: [PATCH 2/6] Block fork PRs from custom runner
---
 .github/workflows/Run_RPS_AppKit-E8.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml
index dea636c..4808695 100644
--- a/.github/workflows/Run_RPS_AppKit-E8.yml
+++ b/.github/workflows/Run_RPS_AppKit-E8.yml
@@ -27,8 +27,21 @@ permissions:
 actions: read
 jobs:
+ runner-blocked-for-forks:
+ name: Block fork PRs from custom runner
+ if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_repository.full_name != github.repository }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify about runner restriction for fork PRs
+ run: |
+ echo " External contributors cannot run workflows on the Raspberry Pi custom runner and are intentionally restricted"
+ echo "Fork PRs use GitHub-hosted runners only."
+
 CI:
- if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success') }}
+ if: >-
+ ${{ github.event_name == 'workflow_dispatch' ||
+ (github.event.workflow_run.conclusion == 'success' &&
+ github.event.workflow_run.head_repository.full_name == github.repository) }}
 runs-on: [self-hosted, rsp-p5-01]
 steps:
From 87641c677ec868209f2baba0ce7bfdc3d2650076 Mon Sep 17 00:00:00 2001
From: Sourabh Mehta <73165318+soumeh01@users.noreply.github.com>
Date: Mon, 22 Jun 2026 16:10:59 +0200
Subject: [PATCH 3/6] Update workflow to remove branch restriction
---
 .github/workflows/Run_RPS_AppKit-E8.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml
index 4808695..a124231 100644
--- a/.github/workflows/Run_RPS_AppKit-E8.yml
+++ b/.github/workflows/Run_RPS_AppKit-E8.yml
@@ -20,7 +20,6 @@ on:
 workflow_run:
 workflows: ["Build RPS for AppKit-E8 Hardware"]
 types: [completed]
- branches: [main]
 permissions:
 contents: read
From b9443542e8fb0d5ce1d3be6cc55699ba9afa7b42 Mon Sep 17 00:00:00 2001
From: Sourabh Mehta
Date: Mon, 22 Jun 2026 15:34:44 +0200
Subject: [PATCH 4/6] Block fork PRs from custom runner
---
 .github/workflows/Run_RPS_AppKit-E8.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml
index dea636c..4808695 100644
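Review bot: In PATCH 2/6 the new `if:` on `CI` is the only thing that keeps fork-originated builds off the `[self-hosted, rsp-p5-01]` runner, and the hunk leaves that reasoning undocumented. A `workflow_run` job executes in this repository whatever the head of the triggering run was, so a later edit that simplifies the expression could reopen the runner to fork-built input without anyone noticing. I would put a comment above the `if:`, for example `# workflow_run runs in this repository's context even for fork PRs; only same-repository heads may reach the self-hosted runner`, and note there that the `workflow_dispatch` arm has no repository check because dispatch already requires write access. The same hunk is repeated in PATCH 4/6, and the `CI` job's steps continue outside the hunk.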
--- a/.github/workflows/Run_RPS_AppKit-E8.yml
+++ b/.github/workflows/Run_RPS_AppKit-E8.yml
@@ -27,8 +27,21 @@ permissions:
 actions: read
 jobs:
+ runner-blocked-for-forks:
+ name: Block fork PRs from custom runner
+ if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_repository.full_name != github.repository }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify about runner restriction for fork PRs
+ run: |
+ echo " External contributors cannot run workflows on the Raspberry Pi custom runner and are intentionally restricted"
+ echo "Fork PRs use GitHub-hosted runners only."
+
 CI:
- if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success') }}
+ if: >-
+ ${{ github.event_name == 'workflow_dispatch' ||
+ (github.event.workflow_run.conclusion == 'success' &&
+ github.event.workflow_run.head_repository.full_name == github.repository) }}
 runs-on: [self-hosted, rsp-p5-01]
 steps:
From 61416afe0babb975e0a5529408d73706287209ab Mon Sep 17 00:00:00 2001
From: Sourabh Mehta <73165318+soumeh01@users.noreply.github.com>
Date: Mon, 22 Jun 2026 16:10:59 +0200
Subject: [PATCH 5/6] Update workflow to remove branch restriction
---
 .github/workflows/Run_RPS_AppKit-E8.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml
index 4808695..a124231 100644
--- a/.github/workflows/Run_RPS_AppKit-E8.yml
+++ b/.github/workflows/Run_RPS_AppKit-E8.yml
@@ -20,7 +20,6 @@ on:
 workflow_run:
 workflows: ["Build RPS for AppKit-E8 Hardware"]
 types: [completed]
- branches: [main]
 permissions:
 contents: read
From 15c618e36a546abb3c25d4adc36f863966467c0e Mon Sep 17 00:00:00 2001
From: Sourabh Mehta
Date: Tue, 30 Jun 2026 10:22:22 +0200
Subject: [PATCH 6/6] Improved
---
 .github/workflows/Run_RPS_AppKit-E8.yml | 33 +++++++++++++++++--------
 1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/Run_RPS_AppKit-E8.yml b/.github/workflows/Run_RPS_AppKit-E8.yml
index a124231..8326757 100644
--- a/.github/workflows/Run_RPS_AppKit-E8.yml
+++ b/.github/workflows/Run_RPS_AppKit-E8.yml
@@ -19,28 +19,41 @@ on:
 workflow_dispatch:
 workflow_run:
 workflows: ["Build RPS for AppKit-E8 Hardware"]
- types: [completed]
+ branches: [ main ]
+ types: [ completed ]
 permissions:
 contents: read
 actions: read
 jobs:
- runner-blocked-for-forks:
- name: Block fork PRs from custom runner
- if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_repository.full_name != github.repository }}
+ fork-restricted:
+ name: Private runner restricted
+ # trigger this only for forks, to prevent them from action runout
+ if: ${{ github.repository != 'Arm-Examples/ModelNova' }}
 runs-on: ubuntu-latest
+
 steps:
- - name: Notify about runner restriction for fork PRs
+ - name: Notify runner restriction
 run: |
- echo " External contributors cannot run workflows on the Raspberry Pi custom runner and are intentionally restricted"
- echo "Fork PRs use GitHub-hosted runners only."
+ MESSAGE="Workflows on the private runner are restricted for security reasons."
+ GUIDANCE="Contributors can validate changes using GitHub-hosted runners."
+ echo "${MESSAGE}"
+ echo "${GUIDANCE}"
+ {
+ echo "## ⚠️ Workflow was not run"
+ echo ""
+ echo "${MESSAGE}"
+ echo ""
+ echo "${GUIDANCE}"
+ } >> "$GITHUB_STEP_SUMMARY"
+ exit 1
 CI:
 if: >-
- ${{ github.event_name == 'workflow_dispatch' ||
+ ${{ (github.event_name == 'workflow_dispatch' ||
 (github.event.workflow_run.conclusion == 'success' &&
- github.event.workflow_run.head_repository.full_name == github.repository) }}
+ github.event.workflow_run.head_repository.full_name == 'Arm-Examples/ModelNova')) }}
 runs-on: [self-hosted, rsp-p5-01]
 steps:
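Review bot: The `CI` condition in PATCH 6/6 still lets `workflow_dispatch` through without looking at `github.repository`, although the new `fork-restricted` job is keyed on exactly that value. `github.repository` names the repository the workflow runs in, so a manual dispatch inside a fork fails `fork-restricted` and also passes the `CI` gate, leaving that job waiting for a `[self-hosted, rsp-p5-01]` runner that is presumably not registered there. Prefixing the expression with the same test closes the gap: `${{ github.repository == 'Arm-Examples/ModelNova' && (github.event_name == 'workflow_dispatch' || (...)) }}`, with the existing `workflow_run` arm kept inside the parentheses. The comment on `fork-restricted` would be more accurate as `# Runs only when this workflow executes in a fork; fork PRs against this repository are filtered by the CI job's head_repository check`, since the job can never fire inside Arm-Examples/ModelNova. The `CI` job's steps continue outside the hunk.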
@@ -68,7 +81,7 @@ jobs:
 nohup pyocd run --uid L96807771A --cbuild-run SDS+AppKit-E8-U85.cbuild-run.yml --timelimit 30 --eot > pyocd.out 2>&1 &
 - name: Start the SDSIO server on the Raspberry Pi
- working-directory: ./RockPaperScissors/AppKit-E8_USB
+ working-directory: ./RockPaperScissors/AppKit-E8_USB
 run: |
 sleep 2 # Delay to ensure that pyOCD is started
 sdsio-server --control SDS.sdsio.yml --playback --exit-after-playback --no-progress-info | tee sdsio-server.log