Add support against supply attack in Gat #6

Merged
merged 1 commit into from
Nov 6, 2023
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Expand Up @@ -12,8 +12,8 @@ jobs:
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
- name: Install dependencies
run: npm ci
- name: Ensure workflows are up to date
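Review bot: The two pinned `uses:` lines drop the only record of which release each hash stands for, so a reviewer can no longer tell what version runs or check the SHA against the upstream tag. Keeping the tag as a trailing comment preserves both the pin and the readability, e.g. `- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3`. This file appears to be generated (the later "Ensure workflows are up to date" step suggests so), in which case the comment would have to be emitted by the generator rather than added by hand.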
8 changes: 1 addition & 7 deletions README.md
Expand Up @@ -39,7 +39,7 @@ new Workflow("My first workflow")
},
],
})
.compile('my-first-workflow.yml');
.compile("my-first-workflow.yml");
```

Notice that you need to call the `compile()` method at the end, passing the file name of the generated Github Actions workflow.
Expand All @@ -52,12 +52,6 @@ You can build your templates running this command in your root folder:
npx gat build
```

Alternatively you can also compile a single template:

```bash
npx gat build .github/templates/some-workflow.ts
```

Following the previous example, you should see now a file `.github/workflows/my-first-workflow.yml` like this:

```yaml
2 changes: 1 addition & 1 deletion src/__snapshots__/workflow.spec.ts.snap
Expand Up @@ -204,7 +204,7 @@ jobs:
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
with:
ref: main
"
4 changes: 2 additions & 2 deletions src/cli.ts
Expand Up @@ -25,8 +25,8 @@ cli
await execPromise(
`npx ts-node ${process.env["GAT_BUILD_FLAGS"] ?? "--swc -T"} ${path.join(
folder,
"index.ts"
)}`
"index.ts",
)}`,
);

process.exit(0);
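--- a/src/step.ts
+++ b/src/step.ts
@@ -18,3 +18,7 @@ export interface UseStep extends BaseStep {
 uses: string;
 with?: Record<string, string | number | boolean>;
 }
+
+export const isUseStep = (step: Step): step is UseStep => {
+return (step as UseStep).uses !== undefined;
+};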
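Review bot: `isUseStep` narrows by asserting first (`step as UseStep`) and then accepts any defined `uses`, so a non-string value passed by an untyped caller would still be treated as an action reference. A stricter guard is `return typeof (step as UseStep).uses === "string";`. The callers are outside this section; presumably the guard selects the steps whose reference gets pinned, and if so a TSDoc line such as `/** True when the step references an action through "uses". */` on the export would record that.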
66 changes: 33 additions & 33 deletions src/workflow.spec.ts
Expand Up @@ -3,7 +3,7 @@ import { RunStep, UseStep } from "./step";
import { Workflow } from "./workflow";

describe("Workflow", () => {
it("generates a simple workflow", () => {
it("generates a simple workflow", async () => {
const workflow = new Workflow("Simple");
workflow
.on("pull_request", { types: ["opened"] })
Expand All @@ -15,21 +15,21 @@ describe("Workflow", () => {
dependsOn: ["job1"],
});

expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows multiple events", () => {
it("allows multiple events", async () => {
const workflow = new Workflow("Multiple events");
workflow
.on("push", { branches: ["main"] })
.on("pull_request", { types: ["opened"] })
.addJob("job1", {
steps: [{ name: "Do something", run: "exit 0" }],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows declaring default options", () => {
it("allows declaring default options", async () => {
const workflow = new Workflow("Default options");
workflow
.on("push", { branches: ["main"] })
Expand All @@ -39,10 +39,10 @@ describe("Workflow", () => {
.addJob("job1", {
steps: [{ name: "Do something", run: "exit 0" }],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows declaring environment variables", () => {
it("allows declaring environment variables", async () => {
const workflow = new Workflow("With Environment variables");
workflow
.on("push")
Expand All @@ -56,10 +56,10 @@ describe("Workflow", () => {
},
],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows using a concurrency group", () => {
it("allows using a concurrency group", async () => {
const workflow = new Workflow("Concurrency group");
workflow.on("push").addJob("job1", {
concurrency: {
Expand All @@ -72,10 +72,10 @@ describe("Workflow", () => {
},
],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows using outputs", () => {
it("allows using outputs", async () => {
const workflow = new Workflow("Using outputs");
workflow.on("push").addJob("job1", {
steps: [
Expand All @@ -88,10 +88,10 @@ describe("Workflow", () => {
"random-number": "${{ steps.random-number.outputs.random-number }}",
},
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows conditional jobs", () => {
it("allows conditional jobs", async () => {
const workflow = new Workflow("Conditional job");
workflow.on("push").addJob("job1", {
ifExpression: "${{ github.ref != 'refs/heads/main' }}",
Expand All @@ -101,10 +101,10 @@ describe("Workflow", () => {
},
],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows a job matrix", () => {
it("allows a job matrix", async () => {
const workflow = new Workflow("Conditional job");
workflow.on("push").addJob("job1", {
matrix: {
Expand Down Expand Up @@ -132,10 +132,10 @@ describe("Workflow", () => {
},
],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows uses steps", () => {
it("allows uses steps", async () => {
const workflow = new Workflow("Uses steps");
workflow
.on("push")
Expand All @@ -151,10 +151,10 @@ describe("Workflow", () => {
},
],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows custom types in a workflow", () => {
it("allows custom types in a workflow", async () => {
interface MyUseStep extends UseStep {
uses: "custom-action";
with: { foo: string };
Expand All @@ -163,7 +163,7 @@ describe("Workflow", () => {
type CustomRunner = "standard-runner";

const workflow = new Workflow<CustomStep, CustomRunner>(
"With custom types"
"With custom types",
);

workflow.on("push").addJob("job1", {
Expand All @@ -181,10 +181,10 @@ describe("Workflow", () => {
],
});

expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("support workflow dispatch event", () => {
it("support workflow dispatch event", async () => {
const workflow = new Workflow("Workflow dispatch");
workflow
.on("workflow_dispatch", {
Expand All @@ -203,29 +203,29 @@ describe("Workflow", () => {
.addJob("job1", {
steps: [{ name: "Do something", run: "exit 0" }],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("supports schedule event", () => {
it("supports schedule event", async () => {
const workflow = new Workflow("Schedule")
.on("schedule", [{ cron: "0 4 * * 1-5" }])
.addJob("job1", {
steps: [{ name: "Do something", run: "exit 0" }],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("supports a pretty name for the job", () => {
it("supports a pretty name for the job", async () => {
const workflow = new Workflow("Job with pretty name")
.on("push")
.addJob("job1", {
prettyName: "My pretty name",
steps: [{ name: "Do something", run: "exit 0" }],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows permissions into jobs", () => {
it("allows permissions into jobs", async () => {
const workflow = new Workflow("Job with permissions")
.on("push")
.addJob("job1", {
Expand All @@ -235,10 +235,10 @@ describe("Workflow", () => {
},
steps: [{ name: "Do something", run: "exit 0" }],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows multiline strings", () => {
it("allows multiline strings", async () => {
const workflow = new Workflow("Multiline strings")
.on("push")
.addJob("job1", {
Expand All @@ -250,10 +250,10 @@ exit 0`,
},
],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});

it("allows concurrency groups at workflow level", () => {
it("allows concurrency groups at workflow level", async () => {
const workflow = new Workflow("Concurrency at workflow level")
.on("push")
.setConcurrencyGroup({
Expand All @@ -268,6 +268,6 @@ exit 0`,
},
],
});
expect(workflow.compile()).toMatchSnapshot();
expect(await workflow.compile()).toMatchSnapshot();
});
});
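Review bot: None of the updated cases exercises the new resolution behaviour itself; the "allows uses steps" test only snapshots whatever `compile()` returns, and the snapshot in this PR now holds a concrete commit SHA for `actions/checkout@v3`. If `compile()` resolves the tag remotely (its implementation is not in this section), the suite needs network access and will fail whenever the upstream `v3` tag moves, so the lookup should be stubbed in the spec. Cases worth adding start with `it("keeps a uses that is already pinned to a commit SHA", async () => {`, plus a reference without `@` such as the `custom-action` step in the custom-types test. A failed lookup also needs a case, and it should reject rather than fall back to the mutable tag.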