
Commit b30cad6

fix(): Fix some weaknesses in the changelog-update action ( various CWE ) (#10747)
1 parent 4657ee7 commit b30cad6

2 files changed

+17
-10
lines changed

.github/workflows/changelog_upate.yml

Lines changed: 16 additions & 10 deletions
@@ -11,25 +11,32 @@ jobs:
1111
env:
1212
file: CHANGELOG.md
1313
steps:
14+
- name: 'Create an empty tmp directory'
15+
run: |
16+
mkdir ${{ runner.temp }}/artifacts
1417
- name: Recover build stats
1518
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
1619
with:
1720
name: changelog_artifact
1821
run-id: ${{ github.event.workflow_run.id }}
1922
github-token: ${{ secrets.GITHUB_TOKEN }}
20-
path: ./
23+
path: ${{ runner.temp }}/artifacts
2124
- name: Parse the artifact in github output
2225
id: changelog_data
2326
run: |
24-
echo "log=$(cat ./changelog_artifact.txt | jq -r '.log')" >> $GITHUB_OUTPUT
25-
echo "prev_log=$(cat ./changelog_artifact.txt | jq -r '.prev_log')" >> $GITHUB_OUTPUT
26-
echo "full_name=$(cat ./changelog_artifact.txt | jq -r '.full_name')" >> $GITHUB_OUTPUT
27-
echo "pr_ref=$(cat ./changelog_artifact.txt | jq -r '.pr_ref')" >> $GITHUB_OUTPUT
27+
echo "log=$(cat ${{ runner.temp }}/artifacts/changelog_artifact.txt | jq -r '.log')" >> $GITHUB_OUTPUT
28+
echo "prev_log=$(cat ${{ runner.temp }}/artifacts/changelog_artifact.txt | jq -r '.prev_log')" >> $GITHUB_OUTPUT
29+
echo "full_name=$(cat ${{ runner.temp }}/artifacts/changelog_artifact.txt | jq -r '.full_name')" >> $GITHUB_OUTPUT
30+
echo "pr_ref=$(cat ${{ runner.temp }}/artifacts/changelog_artifact.txt | jq -r '.pr_ref')" >> $GITHUB_OUTPUT
2831
- name: Pull down the correct branch and repo
2932
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
3033
with:
3134
ref: ${{ steps.changelog_data.outputs.pr_ref }}
3235
repository: ${{ steps.changelog_data.outputs.full_name }}
36+
sparse-checkout: |
37+
${{ env.file }}
38+
.prettierrc
39+
.prettierignore
3340
- name: Update ${{ env.file }} from PR title
3441
id: update
3542
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v6.4.1
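Review bot: the values extracted from changelog_artifact.txt are still appended to $GITHUB_OUTPUT with plain `echo "name=$(cat ... | jq -r '.key')"`, so relocating the artifact to `${{ runner.temp }}/artifacts` does not change what the outputs can contain: the artifact is produced by the triggering workflow run, and a `log`, `prev_log`, `full_name` or `pr_ref` value containing a newline is written as additional output keys, while `full_name` and `pr_ref` then select the `repository:` and `ref:` of the checkout step. Write each output with the multiline delimiter form, e.g. `echo "full_name<<EOF" >> "$GITHUB_OUTPUT"`, `jq -r '.full_name' "$RUNNER_TEMP/artifacts/changelog_artifact.txt" >> "$GITHUB_OUTPUT"`, `echo "EOF" >> "$GITHUB_OUTPUT"`, and reject a `full_name` that does not match the expected `owner/repo` shape before the checkout runs; using `$RUNNER_TEMP` inside `run:` also avoids expression interpolation in the shell script.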
@@ -41,11 +48,11 @@ jobs:
4148
result-encoding: string
4249
script: |
4350
const fs = require('fs');
44-
const file = './${{ env.file }}';
51+
const file = process.ENV.file;
4552
let content = fs.readFileSync(file).toString();
46-
const title = '[${{ env.next_version }}]';
47-
const log = '${{ env.log }}';
48-
const prev_log = '${{ env.prev_log }}';
53+
const title = `[${process.ENV.next_version}]`;
54+
const log = process.ENV.log;
55+
const prev_log = process.ENV.prev_log;
4956
const prev_log_exists = prev_log && content.includes(prev_log);
5057
const log_exists = log && content.includes(log);
5158
let modified = false;
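Review bot: `process.ENV` is not defined in Node.js (the object is `process.env`, lowercase), so `const file = process.ENV.file;` throws a TypeError before the script does anything, and the same applies to `process.ENV.next_version`, `process.ENV.log` and `process.ENV.prev_log`. Replacing the `'${{ env.log }}'` string interpolation inside the script with environment reads is the right fix (a value containing a quote previously terminated the string literal and was evaluated as JavaScript), but it only works spelled `process.env.file`, `process.env.log`, and so on. The hunk also does not show where `log`, `prev_log` and `next_version` enter `env`; the values the previous step produced live in `steps.changelog_data.outputs.*`, so the step needs an `env:` mapping such as `log: ${{ steps.changelog_data.outputs.log }}` for the reads to be non-empty.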
@@ -75,7 +82,6 @@ jobs:
7582
- name: Commit & Push
7683
if: fromJson(steps.update.outputs.result)
7784
run: |
78-
npm ci
7985
npx prettier --write ${{ env.file }}
8086
git diff
8187
git config user.name github-actions[bot]
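Review bot: dropping `npm ci` while keeping `npx prettier --write ${{ env.file }}` means prettier is no longer installed from the repository lockfile; the checkout in this workflow is a sparse checkout of only `${{ env.file }}`, `.prettierrc` and `.prettierignore`, so `npx` fetches whatever `prettier` version the registry resolves at run time and executes it in the job that then commits and pushes. Pin the version explicitly (`npx --yes prettier@<pinned-version> --write ${{ env.file }}`, with the version taken from the project's lockfile) or add `package.json` and `package-lock.json` to the sparse-checkout list and keep `npm ci` so the install is reproducible.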

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -2,6 +2,7 @@
22

33
## [next]
44

5+
- fix(): Fix some weaknesses in the changelog-update action ( various CWE ) [#10747](https://github.com/fabricjs/fabric.js/pull/10747)
56
- fix(): CWE-1333 CWE-400 CWE-730 Simplify some regexes in order to avoid slowness with craft bad string [#10746](https://github.com/fabricjs/fabric.js/pull/10746)
67
- fix(): CWE-1333 CWE-400 CWE-730 in Text.ts regex [#10745](https://github.com/fabricjs/fabric.js/pull/10745)
78
- ci(): fix CWE-829 in action build-stats [#10744](https://github.com/fabricjs/fabric.js/pull/10744)