From f1c1668621526d2e0c5bc56d0aad3008547f9130 Mon Sep 17 00:00:00 2001
From: Alessandro <umpire274@gmail.com>
Date: Tue, 16 Dec 2025 17:27:46 +0100
Subject: [PATCH 1/2] Create aur.yml

---
 .github/workflows/aur.yml | 75 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 .github/workflows/aur.yml

diff --git a/.github/workflows/aur.yml b/.github/workflows/aur.yml
new file mode 100644
index 0000000..77d85ec
--- /dev/null
+++ b/.github/workflows/aur.yml
@@ -0,0 +1,75 @@
+name: AUR packaging (rbackup)
+
+on:
+  workflow_dispatch:
+
+jobs:
+  aur:
+    runs-on: ubuntu-latest
+    container:
+      image: archlinux:base-devel
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Init pacman
+        run: |
+          set -euxo pipefail
+          pacman -Sy --noconfirm
+          pacman -S --noconfirm git sudo fakeroot binutils
+
+      - name: Prepare build user
+        run: |
+          set -euxo pipefail
+          useradd -m builder
+          passwd -d builder
+          echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+      - name: Write PKGBUILD
+        shell: bash
+        run: |
+          set -euxo pipefail
+
+          WORKDIR="$GITHUB_WORKSPACE/aur/rbackup"
+          mkdir -p "$WORKDIR"
+
+          cat > "$WORKDIR/PKGBUILD" <<'EOF'
+          pkgname=rbackup
+          pkgver=0.6.1
+          pkgrel=1
+          pkgdesc="Fast incremental backup tool written in Rust"
+          arch=("x86_64")
+          url="https://github.com/umpire274/rbackup"
+          license=("MIT")
+          
+          source=(
+            "rbackup-${pkgver}-x86_64-unknown-linux-gnu.tar.gz::https://github.com/umpire274/rbackup/releases/download/v${pkgver}/rbackup-${pkgver}-x86_64-unknown-linux-gnu.tar.gz"
+          )
+          
+          sha256sums=(
+            "f253bbec68fd3fe9f9531dac22a500639094c6847a65d8640bb89c7605dbb3ce"
+          )
+          
+          package() {
+            install -Dm755 rbackup "${pkgdir}/usr/bin/rbackup"
+            install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/rbackup/LICENSE"
+            install -Dm644 README.md "${pkgdir}/usr/share/doc/rbackup/README.md"
+            install -Dm644 CHANGELOG.md "${pkgdir}/usr/share/doc/rbackup/CHANGELOG.md"
+          }
+          EOF
+
+      - name: Generate SRCINFO
+        run: |
+          set -euxo pipefail
+
+          WORKDIR="$GITHUB_WORKSPACE/aur/rbackup"
+          chown -R builder:builder "$WORKDIR"
+
+          su - builder -c "cd '$WORKDIR' && makepkg --printsrcinfo --nodeps > SRCINFO.txt"
+
+      - name: Upload SRCINFO artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: rbackup-srcinfo
+          path: aur/rbackup/SRCINFO.txt

From 3bda559f19899ab66e67778e8f0e60b77b70166e Mon Sep 17 00:00:00 2001
From: Alessandro <umpire274@gmail.com>
Date: Tue, 16 Dec 2025 17:29:37 +0100
Subject: [PATCH 2/2] Potential fix for code scanning alert no. 8: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/aur.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/aur.yml b/.github/workflows/aur.yml
index 77d85ec..8f704fb 100644
--- a/.github/workflows/aur.yml
+++ b/.github/workflows/aur.yml
@@ -1,5 +1,8 @@
 name: AUR packaging (rbackup)
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch: