From 3100d1870cb756626a4337ed880da6cf64ce2e7f Mon Sep 17 00:00:00 2001
From: ActoryOu
Date: Mon, 4 Nov 2024 02:30:11 +0000
Subject: [PATCH 1/3] Follow Security Guide to update release.yml
---
.github/workflows/release.yml | 36 +++++++++++++++++++++++++----------
1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d1c6857..7fac7dd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,21 +24,31 @@ jobs: with: ref: ${{ github.event.inputs.commit_id }} - name: Configure git identity + env: + ACTOR: ${{ github.actor }} run: | - git config --global user.name ${{ github.actor }} - git config --global user.email ${{ github.actor }}@users.noreply.github.com + git config --global user.name "$ACTOR" + git config --global user.email "$ACTOR"@users.noreply.github.com - name: create a new branch that references commit id - run: git checkout -b ${{ github.event.inputs.version_number }} ${{ github.event.inputs.commit_id }} + env: + VERSION_NUMBER: ${{ github.event.inputs.version_number }} + COMMIT_ID: ${{ github.event.inputs.commit_id }} + run: git checkout -b "$VERSION_NUMBER" "$COMMIT_ID" - name: Tag Commit and Push to remote + env: + VERSION_NUMBER: ${{ github.event.inputs.version_number }} run: | - git tag ${{ github.event.inputs.version_number }} -a -m "Release ${{ github.event.inputs.version_number }}" + git tag "$VERSION_NUMBER" -a -m "Release $VERSION_NUMBER" git push origin --tags - name: Verify tag on remote + env: + VERSION_NUMBER: ${{ github.event.inputs.version_number }} + COMMIT_ID: ${{ github.event.inputs.commit_id }} run: | - git tag -d ${{ github.event.inputs.version_number }} + git tag -d "$VERSION_NUMBER" git remote update - git checkout tags/${{ github.event.inputs.version_number }} - git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }} + git checkout tags/"$VERSION_NUMBER" + git diff "$COMMIT_ID" tags/"$VERSION_NUMBER" create-zip: needs: tag-commit name: Create ZIP and verify package for release asset. 
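Review bot: Quoting `"$VERSION_NUMBER"` and `"$COMMIT_ID"` stops shell expansion of the dispatch inputs, but both values still reach git as plain arguments with no format check, so a value that begins with `-` would be read as an option by `git checkout -b`, `git tag` and `git diff`. A guard at the top of each script, such as `case "$VERSION_NUMBER" in -*) echo "invalid version" >&2; exit 1;; esac` (and the same for `COMMIT_ID`), would reject such values before git sees them. Separately, the last line of "Verify tag on remote", `git diff "$COMMIT_ID" tags/"$VERSION_NUMBER"`, exits 0 even when the two trees differ, so the step cannot fail on a mismatch; `git diff --exit-code "$COMMIT_ID" tags/"$VERSION_NUMBER"` would make it enforce the check. The tag-commit job starts above the hunk.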
@@ -53,21 +63,27 @@ jobs: path: ${{ github.event.repository.name }} submodules: recursive - name: Checkout disabled submodules + env: + REPO_NAME: ${{ github.event.repository.name }} run: | - cd ${{ github.event.repository.name }} + cd "$REPO_NAME" git submodule update --init --checkout --recursive - name: Create ZIP + env: + REPO_NAME: ${{ github.event.repository.name }} run: | - zip -r ${{ env.repostiory_zip_name }} ${{ github.event.repository.name }} -x "*.git*" + zip -r ${{ env.repostiory_zip_name }} "$REPO_NAME" -x "*.git*" ls ./ - name: Validate created ZIP + env: + REPO_NAME: ${{ github.event.repository.name }} run: | mkdir zip-check mv ${{ env.repostiory_zip_name }} zip-check cd zip-check unzip ${{ env.repostiory_zip_name }} -d ${{ env.repository_compressed_name }} ls ${{ env.repository_compressed_name }} - diff -r -x "*.git*" ${{ env.repository_compressed_name }}/${{ github.event.repository.name }}/ ../${{ github.event.repository.name }}/ + diff -r -x "*.git*" ${{ env.repository_compressed_name }}/"$REPO_NAME"/ ../"$REPO_NAME"/ - name: Create artifact of ZIP uses: actions/upload-artifact@v2 with: From 4f3ea0645b38518c06cf11688d5d5d195cc90514 Mon Sep 17 00:00:00 2001 From: ActoryOu Date: Mon, 4 Nov 2024 02:33:52 +0000 Subject: [PATCH 2/3] Update upload-artifact to v4 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7fac7dd..0a98396 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -85,7 +85,7 @@ jobs: ls ${{ env.repository_compressed_name }} diff -r -x "*.git*" ${{ env.repository_compressed_name }}/"$REPO_NAME"/ ../"$REPO_NAME"/ - name: Create artifact of ZIP - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: ${{ env.repostiory_zip_name }} path: zip-check/${{ env.repostiory_zip_name }} From 5c43a0c265b8a90a3dce209d4e9a2f0eb1661785 Mon Sep 17 00:00:00 2001 
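Review bot: The `${{ env.repostiory_zip_name }}` and `${{ env.repository_compressed_name }}` expressions in "Create ZIP" and "Validate created ZIP" are still expanded into the script text before the shell runs, unlike the repository name that this change moved into `REPO_NAME`. Their definitions are outside the hunk; if they are built from the repository name or a dispatch input, the same injection path remains open for these lines. Since they already live in the `env` context they should be visible to the shell as variables (worth confirming against the workflow's `env:` block), so the lines can read `zip -r "$repostiory_zip_name" "$REPO_NAME" -x "*.git*"` and `unzip "$repostiory_zip_name" -d "$repository_compressed_name"`, with the `mv`, `ls` and `diff -r` lines quoted the same way. The create-zip job begins before the hunk and continues after it.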
From: Rahul Kar
Date: Mon, 4 Nov 2024 09:47:18 +0000
Subject: [PATCH 3/3] Fix spell check
---
.github/.cSpellWords.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/.cSpellWords.txt b/.github/.cSpellWords.txt
index dfe31de..d9eb837 100644
--- a/.github/.cSpellWords.txt
+++ b/.github/.cSpellWords.txt
@@ -1,6 +1,7 @@
BTDM
CBMC
CBOR
+ccbits
CMOCK
CMock
CSDK