From dc814c626ddfc10d91abc6e9f45409db17ea25be Mon Sep 17 00:00:00 2001
From: Matthieu Gautier <mgautier@kymeria.fr>
Date: Wed, 28 Sep 2022 15:11:08 +0200
Subject: [PATCH] Upload read-only archive.

By uploading read-only archive, we prevent potential (implicit) re-upload.

A re-upload will always be possible if we remove the archive and rerun
the workflow. But it will be clearly explicit in this case.
---
 .github/scripts/common.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/scripts/common.py b/.github/scripts/common.py
index d41b30d..1f9d307 100644
--- a/.github/scripts/common.py
+++ b/.github/scripts/common.py
@@ -226,7 +226,7 @@ def upload(file_to_upload, host, dest_path):
 
     command = [
         "scp",
-        "-r",
+        "-rp",
         "-P",
         port,
         "-i",
@@ -241,6 +241,10 @@ def upload(file_to_upload, host, dest_path):
 
 
 def upload_archive(archive, project, make_release):
+    if not archive.exists():
+        print_message("No archive {} to upload!", archive)
+        return
+
     if project.startswith("kiwix-") or project in ['libkiwix']:
         host = "ci@master.download.kiwix.org:30022"
         dest_path = "/data/download/"
@@ -253,6 +257,10 @@ def upload_archive(archive, project, make_release):
     else:
         dest_path = dest_path + "nightly/" + DATE
 
+    # Make the archive read only. This way, scp will preserve rights.
+    # If somehow we try to upload twice the same archive, scp will fails.
+    archive.chmod(0o444)
+
     upload(archive, host, dest_path)