Merge pull request #419 from per1234/avoid-uncontrolled-recursion
Prevent uncontrolled file tree recursion while validating configuration files
per1234 authored Nov 30, 2023
2 parents ce4ee80 + b7d77f1 commit 0e986a4
Showing 6 changed files with 70 additions and 10 deletions.
22 changes: 19 additions & 3 deletions .github/workflows/check-npm-task.yml
Expand Up @@ -52,12 +52,20 @@ jobs:
echo "result=$RESULT" >> $GITHUB_OUTPUT
validate:
name: validate (${{ matrix.project.path }})
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
permissions:
contents: read

strategy:
fail-fast: false
matrix:
project:
# TODO: add paths of all npm-managed projects in the repository here.
- path: .

steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -74,15 +82,23 @@ jobs:
version: 3.x

- name: Validate package.json
run: task --silent npm:validate
run: task --silent npm:validate PROJECT_PATH="${{ matrix.project.path }}"

check-sync:
name: check-sync (${{ matrix.project.path }})
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
permissions:
contents: read

strategy:
fail-fast: false
matrix:
project:
# TODO: add paths of all npm-managed projects in the repository here.
- path: .

steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -99,7 +115,7 @@ jobs:
version: 3.x

- name: Install npm dependencies
run: task npm:install-deps
run: task npm:install-deps PROJECT_PATH="${{ matrix.project.path }}"

- name: Check package-lock.json
run: git diff --color --exit-code package-lock.json
run: git diff --color --exit-code "${{ matrix.project.path }}/package-lock.json"
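Review bot: The three new `run:` lines (Validate package.json, Install npm dependencies, Check package-lock.json) splice `${{ matrix.project.path }}` straight into the shell script, so the runner substitutes the value before the shell parses the line and the surrounding double quotes do not keep a path containing a quote, `$` or backtick from being interpreted as shell syntax. The matrix entries are written in this workflow file, so exposure is limited to whoever can edit the workflow, but this is a template that users are asked to extend with their own paths. Passing the value through the step environment keeps it as data: add `env:` with `PROJECT_PATH: ${{ matrix.project.path }}` to each step and use `run: task --silent npm:validate PROJECT_PATH="$PROJECT_PATH"` (likewise for the other two steps). The same lines are added in workflow-templates/check-npm-task.yml.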
22 changes: 19 additions & 3 deletions Taskfile.yml
Expand Up @@ -359,7 +359,10 @@ tasks:
SCHEMA_URL: https://json.schemastore.org/dependabot-2.0
SCHEMA_PATH:
sh: task utility:mktemp-file TEMPLATE="dependabot-schema-XXXXXXXXXX.json"
DATA_PATH: "**/dependabot.yml"
# The Dependabot configuration file for the repository.
DATA_PATH: ".github/dependabot.yml"
# The asset Dependabot configuration files.
ASSETS_DATA_PATH: "workflow-templates/assets/dependabot/**/dependabot.yml"
PROJECT_FOLDER:
sh: pwd
WORKING_FOLDER:
Expand All @@ -372,6 +375,12 @@ tasks:
--all-errors \
-s "{{.SCHEMA_PATH}}" \
-d "{{.PROJECT_FOLDER}}/{{.DATA_PATH}}"
- |
cd "{{.WORKING_FOLDER}}" # Workaround for https://github.com/npm/cli/issues/3210
npx ajv-cli@{{.SCHEMA_DRAFT_4_AJV_CLI_VERSION}} validate \
--all-errors \
-s "{{.SCHEMA_PATH}}" \
-d "{{.PROJECT_FOLDER}}/{{.ASSETS_DATA_PATH}}"
docs:generate:
desc: Create all generated documentation content
Expand Down Expand Up @@ -696,7 +705,7 @@ tasks:
SCHEMA_URL: https://raw.githubusercontent.com/DavidAnson/markdownlint/main/schema/markdownlint-config-schema.json
SCHEMA_PATH:
sh: task utility:mktemp-file TEMPLATE="markdownlint-schema-XXXXXXXXXX.json"
DATA_PATH: "**/.markdownlint.{yml,yaml}"
DATA_PATH: "workflow-templates/assets/check-markdown/.markdownlint.yml"
deps:
- task: npm:install-deps
cmds:
Expand All @@ -713,12 +722,18 @@ tasks:
-s "{{.SCHEMA_PATH}}" \
-d "{{.DATA_PATH}}"
# Parameter variables:
# - PROJECT_PATH: path of the npm-managed project. Default value: "./"
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/npm-task/Taskfile.yml
npm:install-deps:
desc: Install dependencies managed by npm
dir: |
"{{default "./" .PROJECT_PATH}}"
cmds:
- npm install

# Parameter variables:
# - PROJECT_PATH: path of the npm-managed project. Default value: "./"
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-npm-task/Taskfile.yml
npm:validate:
desc: Validate npm configuration files against their JSON schema
Expand Down Expand Up @@ -755,7 +770,8 @@ tasks:
STYLELINTRC_SCHEMA_URL: https://json.schemastore.org/stylelintrc.json
STYLELINTRC_SCHEMA_PATH:
sh: task utility:mktemp-file TEMPLATE="stylelintrc-schema-XXXXXXXXXX.json"
INSTANCE_PATH: "**/package.json"
INSTANCE_PATH: >-
{{default "." .PROJECT_PATH}}/package.json
PROJECT_FOLDER:
sh: pwd
WORKING_FOLDER:
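Review bot: The new `dir:` value under `npm:install-deps` is written as a literal block scalar (`dir: |`), so the YAML value contains the two double-quote characters and a trailing newline in addition to the path. Whether that resolves to the intended folder depends on how Task post-processes `dir`, which is not visible here; the `INSTANCE_PATH` change in this same file uses `>-` with no embedded quotes. A single-quoted scalar expresses just the path: `dir: '{{default "./" .PROJECT_PATH}}'`, though it should be confirmed against the Task version in use, including for a project path that contains spaces. The same block is added in workflow-templates/assets/npm-task/Taskfile.yml, and the task definitions continue outside the hunks shown.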
5 changes: 4 additions & 1 deletion workflow-templates/assets/check-npm-task/Taskfile.yml
Expand Up @@ -6,6 +6,8 @@ vars:
SCHEMA_DRAFT_4_AJV_CLI_VERSION: 3.3.0

tasks:
# Parameter variables:
# - PROJECT_PATH: path of the npm-managed project. Default value: "./"
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-npm-task/Taskfile.yml
npm:validate:
desc: Validate npm configuration files against their JSON schema
Expand Down Expand Up @@ -42,7 +44,8 @@ tasks:
STYLELINTRC_SCHEMA_URL: https://json.schemastore.org/stylelintrc.json
STYLELINTRC_SCHEMA_PATH:
sh: task utility:mktemp-file TEMPLATE="stylelintrc-schema-XXXXXXXXXX.json"
INSTANCE_PATH: "**/package.json"
INSTANCE_PATH: >-
{{default "." .PROJECT_PATH}}/package.json
PROJECT_FOLDER:
sh: pwd
WORKING_FOLDER:
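Review bot: The added comment documents the `PROJECT_PATH` default as `"./"`, but the `INSTANCE_PATH` template in this task falls back to `"."` (`{{default "." .PROJECT_PATH}}`). Both point at the same folder, so behavior is unaffected, but the comment should match the code: `# - PROJECT_PATH: path of the npm-managed project. Default value: "."`. The copy of `npm:validate` in the root Taskfile.yml has the same mismatch. The rest of the task lies outside the hunk, so another use of the variable with a `"./"` default cannot be ruled out.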
4 changes: 4 additions & 0 deletions workflow-templates/assets/npm-task/Taskfile.yml
Expand Up @@ -2,8 +2,12 @@
version: "3"

tasks:
# Parameter variables:
# - PROJECT_PATH: path of the npm-managed project. Default value: "./"
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/npm-task/Taskfile.yml
npm:install-deps:
desc: Install dependencies managed by npm
dir: |
"{{default "./" .PROJECT_PATH}}"
cmds:
- npm install
5 changes: 5 additions & 0 deletions workflow-templates/check-npm-task.md
Expand Up @@ -23,6 +23,11 @@ Install the [check-npm-task.yml](check-npm-task.yml) GitHub Actions workflow to

Configure the version of Node.js used for development of the project in the `env.NODE_VERSION` field of `check-npm-task.yml`.

If the project contains **npm**-managed projects (i.e., a folder containing a `package.json` file) in paths other than the root of the repository, add their paths to the [job matrices](https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix) of `check-npm-task.yml` at:

- `jobs.validate.strategy.matrix.project[].path`
- `jobs.check-sync.strategy.matrix.project[].path`

## Readme badge

Markdown badge:
22 changes: 19 additions & 3 deletions workflow-templates/check-npm-task.yml
Expand Up @@ -52,12 +52,20 @@ jobs:
echo "result=$RESULT" >> $GITHUB_OUTPUT
validate:
name: validate (${{ matrix.project.path }})
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
permissions:
contents: read

strategy:
fail-fast: false
matrix:
project:
# TODO: add paths of all npm-managed projects in the repository here.
- path: .

steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -74,15 +82,23 @@ jobs:
version: 3.x

- name: Validate package.json
run: task --silent npm:validate
run: task --silent npm:validate PROJECT_PATH="${{ matrix.project.path }}"

check-sync:
name: check-sync (${{ matrix.project.path }})
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
permissions:
contents: read

strategy:
fail-fast: false
matrix:
project:
# TODO: add paths of all npm-managed projects in the repository here.
- path: .

steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -99,7 +115,7 @@ jobs:
version: 3.x

- name: Install npm dependencies
run: task npm:install-deps
run: task npm:install-deps PROJECT_PATH="${{ matrix.project.path }}"

- name: Check package-lock.json
run: git diff --color --exit-code package-lock.json
run: git diff --color --exit-code "${{ matrix.project.path }}/package-lock.json"
