privilegedescalation/org
Archived
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'PRI-1593: Replace curl with wget in actionlint install step' (#199) from gandalf/pri-1593-fix-main into main

Browse Source
This commit is contained in:
Null Pointer Nancy
2026-05-16 22:21:26 +00:00
parent e1929105b2 76c4fd9c8b
commit 324190ea17
3 changed files with 38 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/detect-pr-pipeline.yaml
+16 -7
View File
@@ -14,12 +14,16 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 2 timeout-minutes: 2
env:
HEAD_REF: ${{ github.head_ref }}
BASE_REF: ${{ github.base_ref }}
steps: steps:
- name: Checkout - name: Checkout
run: | run: |
git clone --depth=1 "https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.farh.net/${{ github.repository }}.git" . git clone --depth=1 "https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.farh.net/${{ github.repository }}.git" .
git fetch origin "${{ github.base_ref }}" --depth=1 git fetch origin "$BASE_REF" --depth=1
git fetch origin "${{ github.head_ref }}" --depth=1 git fetch origin +refs/pull/*/head:refs/pull/*/head --depth=1
git checkout "${{ github.sha }}" git checkout "${{ github.sha }}"
- name: Run detection tests - name: Run detection tests
@@ -29,6 +33,10 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 5 timeout-minutes: 5
env:
HEAD_REF: ${{ github.head_ref }}
BASE_REF: ${{ github.base_ref }}
outputs: outputs:
pipeline-type: ${{ steps.detect.outputs.pipeline-type }} pipeline-type: ${{ steps.detect.outputs.pipeline-type }}
@@ -36,16 +44,16 @@ jobs:
- name: Checkout - name: Checkout
run: | run: |
git clone --depth=1 "https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.farh.net/${{ github.repository }}.git" . git clone --depth=1 "https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.farh.net/${{ github.repository }}.git" .
git fetch origin "${{ github.base_ref }}" --depth=1 git fetch origin "$BASE_REF" --depth=1
git fetch origin "${{ github.head_ref }}" --depth=1 git fetch origin +refs/pull/*/head:refs/pull/*/head --depth=1
git checkout "${{ github.sha }}" git checkout "${{ github.sha }}"
- name: Get changed files - name: Get changed files
run: | run: |
mkdir -p /tmp/pr-detect mkdir -p /tmp/pr-detect
git fetch origin "${{ github.base_ref }}" --depth=1 2>/dev/null git fetch origin "$BASE_REF" --depth=1 2>/dev/null
git fetch origin "${{ github.head_ref }}" --depth=1 2>/dev/null git fetch origin +refs/pull/*/head:refs/pull/*/head --depth=1 2>/dev/null
git diff --name-only "origin/${{ github.base_ref }}" "${{ github.head_ref }}" > /tmp/pr-detect/changed_files.txt git diff --name-only "origin/$BASE_REF" HEAD > /tmp/pr-detect/changed_files.txt
echo "Files found: $(wc -l < /tmp/pr-detect/changed_files.txt)" echo "Files found: $(wc -l < /tmp/pr-detect/changed_files.txt)"
cat /tmp/pr-detect/changed_files.txt cat /tmp/pr-detect/changed_files.txt
@@ -59,6 +67,7 @@ jobs:
- name: Set PR label - name: Set PR label
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
continue-on-error: true
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
.github/workflows/plugin-release.yaml
+9 -9
View File
@@ -39,7 +39,7 @@ jobs:
- name: Verify GITEA_RELEASE_TOKEN is configured - name: Verify GITEA_RELEASE_TOKEN is configured
id: check id: check
env: env:
GITEA_RELEASE_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_RELEASE_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
run: | run: |
if [ -z "$GITEA_RELEASE_TOKEN" ]; then if [ -z "$GITEA_RELEASE_TOKEN" ]; then
echo "::notice::GITEA_RELEASE_TOKEN org secret is not configured (see PRI-1533). Release skipped — no artifacts will be created." echo "::notice::GITEA_RELEASE_TOKEN org secret is not configured (see PRI-1533). Release skipped — no artifacts will be created."
@@ -65,7 +65,7 @@ jobs:
- name: Check write permissions via API - name: Check write permissions via API
id: check id: check
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
run: | run: |
HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" \ HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" \
@@ -101,7 +101,7 @@ jobs:
- name: Check if tag already exists - name: Check if tag already exists
id: check id: check
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
run: | run: |
HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" \ HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" \
@@ -183,7 +183,7 @@ jobs:
- name: Configure Git - name: Configure Git
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
run: | run: |
git config --global user.name "github-actions[bot]" git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global user.email "github-actions[bot]@users.noreply.github.com"
@@ -215,7 +215,7 @@ jobs:
- name: Update appVersion from upstream release - name: Update appVersion from upstream release
if: inputs.upstream-repo != '' if: inputs.upstream-repo != ''
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
run: | run: |
APP_VERSION=$(curl -sf \ APP_VERSION=$(curl -sf \
-H "Authorization: token ${GITEA_TOKEN}" \ -H "Authorization: token ${GITEA_TOKEN}" \
@@ -290,7 +290,7 @@ jobs:
- name: Commit and tag - name: Commit and tag
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
run: | run: |
VERSION="${{ inputs.version }}" VERSION="${{ inputs.version }}"
BRANCH="release/v${VERSION}" BRANCH="release/v${VERSION}"
@@ -307,7 +307,7 @@ jobs:
- name: Create Gitea Release - name: Create Gitea Release
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
run: | run: |
VERSION="${{ inputs.version }}" VERSION="${{ inputs.version }}"
@@ -340,7 +340,7 @@ jobs:
- name: Create PR for version bump - name: Create PR for version bump
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
run: | run: |
set -o pipefail set -o pipefail
@@ -398,7 +398,7 @@ jobs:
- name: Verify checksums are consistent (main == tag == tarball) - name: Verify checksums are consistent (main == tag == tarball)
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
run: | run: |
VERSION="${{ inputs.version }}" VERSION="${{ inputs.version }}"
.github/workflows/pr-validation.yaml
+13 -5
View File
@@ -11,26 +11,34 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
env:
HEAD_REF: ${{ github.head_ref }}
BASE_REF: ${{ github.base_ref }}
run: | run: |
git clone --depth=1 "https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.farh.net/${{ github.repository }}.git" . git clone --depth=1 "https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.farh.net/${{ github.repository }}.git" .
git fetch origin "${{ github.base_ref }}" --depth=1 git fetch origin "$BASE_REF" --depth=1
git fetch origin "${{ github.head_ref }}" --depth=1 git fetch origin +refs/pull/*/head:refs/pull/*/head --depth=1
git checkout "${{ github.sha }}" git checkout "${{ github.sha }}"
- name: Install actionlint - name: Install actionlint
run: | run: |
ACTIONLINT_VERSION="1.7.7" ACTIONLINT_VERSION="1.7.7"
mkdir -p "$HOME/.local/bin" mkdir -p "$HOME/.local/bin"
curl -fsSL "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" \ apt-get install -y wget -qq >/dev/null 2>&1 || true
wget -qO- "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" \
| tar -xz -C "$HOME/.local/bin" actionlint | tar -xz -C "$HOME/.local/bin" actionlint
echo "$HOME/.local/bin" >> "$GITHUB_PATH" echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- name: Validate workflow YAML with actionlint - name: Validate workflow YAML with actionlint
run: actionlint -color .github/workflows/*.yaml run: actionlint -shellcheck="" -color .github/workflows/*.yaml
- name: Install shellcheck - name: Install shellcheck
run: | run: |
sudo apt-get update -qq && sudo apt-get install -y -qq shellcheck >/dev/null 2>&1 SC_VERSION="v0.10.0"
mkdir -p "$HOME/.local/bin"
wget -qO- "https://github.com/koalaman/shellcheck/releases/download/${SC_VERSION}/shellcheck-${SC_VERSION}.linux.x86_64.tar.xz" \
| tar -xJ --strip-components=1 -C "$HOME/.local/bin" "shellcheck-${SC_VERSION}/shellcheck"
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- name: Shellcheck scripts - name: Shellcheck scripts
run: | run: |