ARCHIVE/clio
1
0
Fork 0
mirror of https://github.com/XRPLF/clio.git synced 2025-12-06 17:27:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: Fix double quotes for all workflows and actions (#2090)

Browse Source 
Workaround potential vulnerabilities in workflows.
This commit is contained in:
Alex Kremer
2025-05-07 15:26:51 +01:00
committed by GitHub
parent 59d27db5ab
commit a60d01d272
12 changed files with 33 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/build_clio/action.yml vendored
View File

@@ -25,5 +25,5 @@ runs:
cd build cd build
cmake \ cmake \
--build . \ --build . \
--parallel ${{ steps.number_of_threads.outputs.threads_number }} \ --parallel "${{ steps.number_of_threads.outputs.threads_number }}" \
--target ${{ inputs.targets }} --target ${{ inputs.targets }}

2
.github/actions/create_issue/action.yml vendored
View File

@@ -36,6 +36,6 @@ runs:
--title '${{ inputs.title }}' \ --title '${{ inputs.title }}' \
--body-file ./issue.md \ --body-file ./issue.md \
> create_issue.log > create_issue.log
created_issue=$(cat create_issue.log | sed 's|.*/||') created_issue="$(sed 's|.*/||' create_issue.log)"
echo "created_issue=$created_issue" >> $GITHUB_OUTPUT echo "created_issue=$created_issue" >> $GITHUB_OUTPUT
rm create_issue.log issue.md rm create_issue.log issue.md

6
.github/actions/generate/action.yml vendored
View File

@@ -60,14 +60,14 @@ runs:
install .. \ install .. \
-of . \ -of . \
-b $BUILD_OPTION \ -b $BUILD_OPTION \
-s build_type=${{ inputs.build_type }} \ -s build_type="${{ inputs.build_type }}" \
-o clio:static="${STATIC_OPTION}" \ -o clio:static="${STATIC_OPTION}" \
-o clio:tests=True \ -o clio:tests=True \
-o clio:integration_tests="${INTEGRATION_TESTS_OPTION}" \ -o clio:integration_tests="${INTEGRATION_TESTS_OPTION}" \
-o clio:lint=False \ -o clio:lint=False \
-o clio:coverage="${CODE_COVERAGE}" \ -o clio:coverage="${CODE_COVERAGE}" \
-o clio:time_trace="${TIME_TRACE}" \ -o clio:time_trace="${TIME_TRACE}" \
--profile ${{ inputs.conan_profile }} --profile "${{ inputs.conan_profile }}"
- name: Run cmake - name: Run cmake
shell: bash shell: bash
@@ -83,6 +83,6 @@ runs:
cmake \ cmake \
-DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \ -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
-DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \ -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
${SANITIZER_OPTION} \ "${SANITIZER_OPTION}" \
.. \ .. \
-G Ninja -G Ninja

6
.github/actions/get_number_of_threads/action.yml vendored
View File

@@ -30,7 +30,7 @@ runs:
id: number_of_threads_export id: number_of_threads_export
shell: bash shell: bash
run: | run: |
num_of_threads=${{ steps.mac_threads.outputs.num || steps.linux_threads.outputs.num }} num_of_threads="${{ steps.mac_threads.outputs.num || steps.linux_threads.outputs.num }}"
shift_by=${{ inputs.subtract_threads }} shift_by="${{ inputs.subtract_threads }}"
shifted=$((num_of_threads - shift_by)) shifted="$((num_of_threads - shift_by))"
echo "num=$(( shifted > 1 ? shifted : 1 ))" >> $GITHUB_OUTPUT echo "num=$(( shifted > 1 ? shifted : 1 ))" >> $GITHUB_OUTPUT

2
.github/actions/git_common_ancestor/action.yml vendored
View File

@@ -13,4 +13,4 @@ runs:
id: find_common_ancestor id: find_common_ancestor
shell: bash shell: bash
run: | run: |
echo "commit=$(git merge-base --fork-point origin/develop)" >> $GITHUB_OUTPUT echo "commit=\"$(git merge-base --fork-point origin/develop)\"" >> $GITHUB_OUTPUT

8
.github/actions/prepare_runner/action.yml vendored
View File

@@ -38,7 +38,7 @@ runs:
FORMULA_EXPECTED_SHA256="c7ec95d86f0657638835441871e77541165e0a2581b53b3dd657cf13ad4228d4" FORMULA_EXPECTED_SHA256="c7ec95d86f0657638835441871e77541165e0a2581b53b3dd657cf13ad4228d4"
mkdir -p /tmp/homebrew-formula mkdir -p /tmp/homebrew-formula
curl -s -L $FORMULA_URL -o /tmp/homebrew-formula/cmake.rb curl -s -L "$FORMULA_URL" -o /tmp/homebrew-formula/cmake.rb
echo "$FORMULA_EXPECTED_SHA256 /tmp/homebrew-formula/cmake.rb" | shasum -a 256 -c echo "$FORMULA_EXPECTED_SHA256 /tmp/homebrew-formula/cmake.rb" | shasum -a 256 -c
@@ -48,7 +48,7 @@ runs:
- name: Fix git permissions on Linux - name: Fix git permissions on Linux
if: ${{ runner.os == 'Linux' }} if: ${{ runner.os == 'Linux' }}
shell: bash shell: bash
run: git config --global --add safe.directory $PWD run: git config --global --add safe.directory "$PWD"
- name: Set env variables for macOS - name: Set env variables for macOS
if: ${{ runner.os == 'macOS' }} if: ${{ runner.os == 'macOS' }}
@@ -73,5 +73,5 @@ runs:
- name: Create directories - name: Create directories
shell: bash shell: bash
run: | run: |
mkdir -p $CCACHE_DIR mkdir -p "$CCACHE_DIR"
mkdir -p $CONAN_USER_HOME/.conan mkdir -p "$CONAN_USER_HOME/.conan"

4
.github/actions/restore_cache/action.yml vendored
View File

@@ -42,9 +42,9 @@ runs:
shell: bash shell: bash
run: | run: |
conan info . -j info.json -o clio:tests=True conan info . -j info.json -o clio:tests=True
packages_info=$(cat info.json | jq '.[] | "\(.display_name): \(.id)"' | grep -v 'clio') packages_info="$(cat info.json | jq '.[] | "\(.display_name): \(.id)"' | grep -v 'clio')"
echo "$packages_info" echo "$packages_info"
hash=$(echo "$packages_info" | shasum -a 256 | cut -d ' ' -f 1) hash="$(echo "$packages_info" | shasum -a 256 | cut -d ' ' -f 1)"
rm info.json rm info.json
echo "hash=$hash" >> $GITHUB_OUTPUT echo "hash=$hash" >> $GITHUB_OUTPUT

14
.github/actions/setup_conan/action.yml vendored
View File

@@ -15,17 +15,17 @@ runs:
env: env:
CONAN_PROFILE: ${{ inputs.conan_profile }} CONAN_PROFILE: ${{ inputs.conan_profile }}
run: | run: |
echo "Creating $CONAN_PROFILE conan profile" echo "Creating \"$CONAN_PROFILE\" conan profile"
conan profile new $CONAN_PROFILE --detect --force conan profile new "$CONAN_PROFILE" --detect --force
conan profile update settings.compiler.libcxx=libc++ $CONAN_PROFILE conan profile update settings.compiler.libcxx=libc++ "$CONAN_PROFILE"
conan profile update settings.compiler.cppstd=20 $CONAN_PROFILE conan profile update settings.compiler.cppstd=20 "$CONAN_PROFILE"
conan profile update env.CXXFLAGS=-DBOOST_ASIO_DISABLE_CONCEPTS $CONAN_PROFILE conan profile update env.CXXFLAGS=-DBOOST_ASIO_DISABLE_CONCEPTS "$CONAN_PROFILE"
conan profile update "conf.tools.build:cxxflags+=[\"-DBOOST_ASIO_DISABLE_CONCEPTS\"]" $CONAN_PROFILE conan profile update "conf.tools.build:cxxflags+=[\"-DBOOST_ASIO_DISABLE_CONCEPTS\"]" "$CONAN_PROFILE"
- name: Add conan-non-prod artifactory - name: Add conan-non-prod artifactory
shell: bash shell: bash
run: | run: |
if [[ -z $(conan remote list | grep conan-non-prod) ]]; then if [[ -z "$(conan remote list | grep conan-non-prod)" ]]; then
echo "Adding conan-non-prod" echo "Adding conan-non-prod"
conan remote add --insert 0 conan-non-prod http://18.143.149.228:8081/artifactory/api/conan/conan-non-prod conan remote add --insert 0 conan-non-prod http://18.143.149.228:8081/artifactory/api/conan/conan-non-prod
else else

14
.github/workflows/build.yml vendored
View File

@@ -80,23 +80,23 @@ jobs:
shell: bash shell: bash
run: | run: |
repoConfigFile=docs/config-description.md repoConfigFile=docs/config-description.md
if ! [ -f ${repoConfigFile} ]; then if ! [ -f "${repoConfigFile}" ]; then
echo "Config Description markdown file is missing in docs folder" echo "Config Description markdown file is missing in docs folder"
exit 1 exit 1
fi fi
chmod +x ./clio_server chmod +x ./clio_server
configDescriptionFile=config_description_new.md configDescriptionFile=config_description_new.md
./clio_server -d ${configDescriptionFile} ./clio_server -d "${configDescriptionFile}"
configDescriptionHash=$(sha256sum ${configDescriptionFile} | cut -d' ' -f1) configDescriptionHash=$(sha256sum "${configDescriptionFile}" | cut -d' ' -f1)
repoConfigHash=$(sha256sum ${repoConfigFile} | cut -d' ' -f1) repoConfigHash=$(sha256sum "${repoConfigFile}" | cut -d' ' -f1)
if [ ${configDescriptionHash} != ${repoConfigHash} ]; then if [ "${configDescriptionHash}" != "${repoConfigHash}" ]; then
echo "Markdown file is not up to date" echo "Markdown file is not up to date"
diff -u "${repoConfigFile}" "${configDescriptionFile}" diff -u "${repoConfigFile}" "${configDescriptionFile}"
rm -f ${configDescriptionFile} rm -f "${configDescriptionFile}"
exit 1 exit 1
fi fi
rm -f ${configDescriptionFile} rm -f "${configDescriptionFile}"
exit 0 exit 0

2
.github/workflows/build_clio_docker_image.yml vendored
View File

@@ -57,7 +57,7 @@ jobs:
if: ${{ inputs.clio_server_binary_url != null }} if: ${{ inputs.clio_server_binary_url != null }}
shell: bash shell: bash
run: | run: |
wget ${{inputs.clio_server_binary_url}} -P ./docker/clio/artifact/ wget "${{inputs.clio_server_binary_url}}" -P ./docker/clio/artifact/
if [ "$(sha256sum ./docker/clio/clio_server | awk '{print $1}')" != "${{inputs.binary_sha256}}" ]; then if [ "$(sha256sum ./docker/clio/clio_server | awk '{print $1}')" != "${{inputs.binary_sha256}}" ]; then
echo "Binary sha256 sum doesn't match" echo "Binary sha256 sum doesn't match"
exit 1 exit 1

2
.github/workflows/clang-tidy.yml vendored
View File

@@ -68,7 +68,7 @@ jobs:
shell: bash shell: bash
id: run_clang_tidy id: run_clang_tidy
run: | run: |
run-clang-tidy-19 -p build -j ${{ steps.number_of_threads.outputs.threads_number }} -fix -quiet 1>output.txt run-clang-tidy-19 -p build -j "${{ steps.number_of_threads.outputs.threads_number }}" -fix -quiet 1>output.txt
- name: Fix local includes - name: Fix local includes
if: ${{ steps.run_clang_tidy.outcome != 'success' }} if: ${{ steps.run_clang_tidy.outcome != 'success' }}

4
.github/workflows/clang-tidy_on_fix_merged.yml vendored
View File

@@ -18,8 +18,8 @@ jobs:
id: check id: check
shell: bash shell: bash
run: | run: |
passed=$(if [[ $(git log -1 --pretty=format:%s | grep 'style: clang-tidy auto fixes') ]]; then echo 'true' ; else echo 'false' ; fi) passed=$(if [[ "$(git log -1 --pretty=format:%s | grep 'style: clang-tidy auto fixes')" ]]; then echo 'true' ; else echo 'false' ; fi)
echo "passed=$passed" >> $GITHUB_OUTPUT echo "passed=\"$passed\"" >> $GITHUB_OUTPUT
- name: Run clang-tidy workflow - name: Run clang-tidy workflow
if: ${{ contains(steps.check.outputs.passed, 'true') }} if: ${{ contains(steps.check.outputs.passed, 'true') }}