fix(ci): use env variables to ensure escaping

Environment variables are properly escaped in GitHub, thus reducing the risk of code injection.

Pull-Request: #3790.
Thomas Eizinger 2023-05-02 18:36:35 +01:00 committed by GitHub
parent 4bd4653fa9
commit 62a06f9ac0


@ -28,6 +28,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
crate: ${{ fromJSON(needs.gather_published_crates.outputs.members) }} crate: ${{ fromJSON(needs.gather_published_crates.outputs.members) }}
env:
CRATE: ${{ matrix.crate }}
steps: steps:
- name: Install Protoc - name: Install Protoc
run: sudo apt-get install -y protobuf-compiler run: sudo apt-get install -y protobuf-compiler
@ -44,39 +46,39 @@ jobs:
save-if: false save-if: false
- name: Run all tests - name: Run all tests
run: cargo test --package ${{ matrix.crate }} --all-features run: cargo test --package "$CRATE" --all-features
- name: Check if we compile without any features activated - name: Check if we compile without any features activated
run: cargo build --package ${{ matrix.crate }} --no-default-features run: cargo build --package "$CRATE" --no-default-features
- run: cargo clean - run: cargo clean
- name: Check if crate has been released - name: Check if crate has been released
id: check-released id: check-released
run: | run: |
RESPONSE_CODE=$(curl https://crates.io/api/v1/crates/${{ matrix.crate }} --silent --write-out "%{http_code}" --output /dev/null) RESPONSE_CODE=$(curl https://crates.io/api/v1/crates/"$CRATE" --silent --write-out "%{http_code}" --output /dev/null)
echo "code=${RESPONSE_CODE}" echo "code=${RESPONSE_CODE}"
echo "code=${RESPONSE_CODE}" >> $GITHUB_OUTPUT echo "code=${RESPONSE_CODE}" >> $GITHUB_OUTPUT
- uses: ./.github/actions/cargo-semver-checks - uses: ./.github/actions/cargo-semver-checks
if: steps.check-released.outputs.code == 200 # Workaround until https://github.com/obi1kenobi/cargo-semver-check/issues/146 is shipped. if: steps.check-released.outputs.code == 200 # Workaround until https://github.com/obi1kenobi/cargo-semver-check/issues/146 is shipped.
with: with:
crate: ${{ matrix.crate }} crate: env.CRATE
- name: Enforce no dependency on meta crate - name: Enforce no dependency on meta crate
run: | run: |
cargo metadata --format-version=1 --no-deps | \ cargo metadata --format-version=1 --no-deps | \
jq -e -r '.packages[] | select(.name == "${{ matrix.crate }}") | .dependencies | all(.name != "libp2p")' jq -e -r '.packages[] | select(.name == "'"$CRATE"'") | .dependencies | all(.name != "libp2p")'
- uses: taiki-e/cache-cargo-install-action@7dd0cff2732612ac642812bcec4ada5a279239ed # v1 - uses: taiki-e/cache-cargo-install-action@7dd0cff2732612ac642812bcec4ada5a279239ed # v1
with: with:
tool: tomlq tool: tomlq
- name: Enforce version in `workspace.dependencies` matches latest version - name: Enforce version in `workspace.dependencies` matches latest version
if: matrix.crate != 'libp2p' if: env.CRATE != 'libp2p'
run: | run: |
PACKAGE_VERSION=$(cargo metadata --format-version=1 --no-deps | jq -e -r '.packages[] | select(.name == "${{ matrix.crate }}") | .version') PACKAGE_VERSION=$(cargo metadata --format-version=1 --no-deps | jq -e -r '.packages[] | select(.name == "'"$CRATE"'") | .version')
SPECIFIED_VERSION=$(tomlq 'workspace.dependencies.${{ matrix.crate }}.version' --file ./Cargo.toml) SPECIFIED_VERSION=$(tomlq "workspace.dependencies.$CRATE.version" --file ./Cargo.toml)
echo "Package version: $PACKAGE_VERSION"; echo "Package version: $PACKAGE_VERSION";
echo "Specified version: $SPECIFIED_VERSION"; echo "Specified version: $SPECIFIED_VERSION";