gh-actions: upload all generated apks

[ignoramous]

No description provided.

[Copilot]

Pull request overview

Updates the monthly alpha GitHub Actions workflow to upload all generated APK outputs as a single artifact (instead of picking the first APK), and adjusts the Telegram notification behavior accordingly.

Changes:

• Replace single-APK detection with a glob-based artifact upload of all *.apk outputs.
• Rename/adjust build variant env usage for the scheduled alpha build.
• Change Telegram notification to post a message linking to the uploaded artifact (and remove the GitHub Release upload step).

Comments suppressed due to low confidence (2)

.github/workflows/nightly.yml:97

• Sending the artifact URL via Telegram may not be actionable for recipients: GitHub Actions artifact download links typically require GitHub authentication/permissions and will expire per the artifact retention policy. If the goal is to distribute APKs externally, consider keeping the GitHub Release upload (assets are public for public repos) or using sendDocument to upload the APK(s) directly to Telegram instead of a link.

          # core.telegram.org/bots/api#sendmessage
          curl -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
           -d "chat_id=${TELEGRAM_CHAT_ID}" \
           -d "parse_mode=HTML" \
           --data-urlencode "text=<a href='${DOC}'>${NOM}</a>"

.github/workflows/nightly.yml:80

• This workflow bumps actions/upload-artifact to @v6, but the rest of the repo’s workflows pin to @v4 (e.g. .github/workflows/sa.yml:75, .github/workflows/scorecard.yml:58). Consider keeping the same major version across workflows (or document why this workflow needs a newer major), to avoid inconsistent behavior/inputs/outputs between pipelines.

      - name: 📜 Upload artifact
        uses: actions/upload-artifact@v6
        id: a3

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

@ignoramous I've opened a new pull request, #2564, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (3)

.github/workflows/nightly.yml:102

• The comment on this line says "sha256: ${CAP}" but CAP is set to the artifact-id (line 108), not a sha256 hash. If this code is uncommented in the future, consider updating the comment to accurately reflect what CAP contains, or compute an actual sha256 hash if that's what's intended.

          #  -F caption="sha256: ${CAP}" \

.github/workflows/nightly.yml:108

• The Telegram notification step references environment variables NOM, DOC, and CAP (lines 106-108) which are used in the curl command (line 97). However, since the curl command is using DOC for artifact-url and NOM for the artifact name, but CAP (artifact-id) is defined but never used, consider removing the unused CAP variable or adding a comment explaining why it's kept for future use.

        env:
          NOM: "rdns-alpha-${{ github.sha }}"
          DOC: ${{ steps.a3.outputs.artifact-url }}
          CAP: ${{ steps.a3.outputs.artifact-id }}

.github/workflows/nightly.yml:79

• The workflow uses upload-artifact@v6, but other workflows in the repository (sa.yml line 75, scorecard.yml line 58) still use upload-artifact@v4. Consider maintaining consistency across workflows by either upgrading all workflows to v6 or using v4 here.

        uses: actions/upload-artifact@v6

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.