git clean can't deal with junctions and in case there is a loop
it follows them forever (or until stack overflow).
https://github.com/git-for-windows/git/issues/5320
To work around this try to delete all junctions in the clean
re-try code path.
Fixes#108
As found out here, os.walk() by default follows junctions, which we don't
want and can even lead to loops:
https://github.com/msys2/msys2-autobuild/issues/101#issuecomment-2583121845
Integrate the workaround mentioned in the CPython bug report:
https://github.com/python/cpython/issues/67596#issuecomment-1918112817
Since this is Python 3.12+ only and we still support 3.10 make
it optional though.
This also adds tests, which uncovered some other minor issues:
It was not chmoding top-down, which meant that os.walk would
skip things if there were no read permissions. So chmod before
os.walk() lists the dir.
Instead of giving all jobs write permissions, default to no permissions
and enable them on a per-job basis.
This does not change anything for us, but avoids accidental write
permissions if a new job gets added without considering that it inherits
the top level permissions, even if it doesn't need them.
See https://woodruffw.github.io/zizmor/audits/#excessive-permissions
To avoid writing the token to disk. It still gets exposed via env vars
to various steps, but this removes the access from any steps before that.
As recommeded by the zizmor scanner
The pkgbase was renamed from mingw-w64-clang to mingw-w64-llvm, but this still had the old name, requiring manual specification of breaking the cycle with libc++
We only looked at the dependencies of a package that are needed for building,
but for detecting build cycles we also have to look at all transitive deps.
Unless the dependency is already finished, then we can ignore its build deps,
even if they are not finished yet.
The test shows such a case where things indirectly create a cycle via cmake.
Fixes#91
Test them before moving them to the final location.
This makes the download fial of there is some file corruption etc.
This adds a dependency on the zstd exectuable for the fetch-assets
command.
Motivated by https://github.com/msys2/msys2-main-server/issues/42
Due to actions/setup-python#819, it fails to install python on a Windows
11 (or presumably Server 2022) self-hosted runner, when a suitable
version of python was not already installed.
Closes#85
This partially reverts commit d5779cd65dbe2e5dceb418c040b7d0d505372294.
