Skip to content

security: add escape to arbitrary file access #15742

security: add escape to arbitrary file access

security: add escape to arbitrary file access #15742

Workflow file for this run

name: Core CI Tests
on:
pull_request:
paths-ignore:
- 'README.md'
- 'CHANGELOG.md'
- '.changelog/**'
- '.tours/**'
- 'contributing/**'
- 'demo/**'
- 'dev/**'
- 'e2e/terraform/**'
- 'e2e/ui/**'
- 'integrations/**'
- 'pkg/**'
- 'scripts/**'
- 'terraform/**'
- 'ui/**'
- 'website/**'
push:
branches:
- main
- release/**
paths-ignore:
- 'README.md'
- 'CHANGELOG.md'
- '.changelog/**'
- '.tours/**'
- 'contributing/**'
- 'demo/**'
- 'dev/**'
- 'e2e/terraform/**'
- 'e2e/ui/**'
- 'integrations/**'
- 'pkg/**'
- 'scripts/**'
- 'terraform/**'
- 'ui/**'
- 'website/**'
env:
VERBOSE: 1
GOTESTARCH: amd64
CONSUL_VERSION: 1.14.4
VAULT_VERSION: 1.12.2
NOMAD_SLOW_TEST: 0
NOMAD_TEST_LOG_LEVEL: OFF
jobs:
# this caches dependencies for subsequent jobs, including private deps in enterprise
mods:
runs-on: ${{ endsWith(github.repository, '-enterprise') && fromJSON('["self-hosted", "ondemand", "linux"]') || 'ubuntu-22.04' }}
timeout-minutes: 10
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: ./.github/actions/vault-secrets
with:
paths: |-
kv/data/github/hashicorp/nomad-enterprise/gha ELEVATED_GITHUB_TOKEN ;
- name: Git config token
if: endsWith(github.repository, '-enterprise')
run: git config --global url.'https://${{ env.ELEVATED_GITHUB_TOKEN }}@github.com'.insteadOf 'https://github.com'
- uses: hashicorp/setup-golang@v3
- name: Get Go modules
run: |
make bootstrap
make tidy
checks:
uses: ./.github/workflows/checks.yaml
needs: [mods]
compile:
needs: [mods, checks]
strategy:
fail-fast: false
matrix:
os: [ubuntu-22.04, macos-14, windows-2019]
runs-on: ${{matrix.os}}
timeout-minutes: 20
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: hashicorp/setup-golang@v3
- name: Run make dev
run: |
make bootstrap
make dev
tests-api:
needs: [mods]
runs-on: custom-linux-xl-nomad-22.04
timeout-minutes: 8
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: hashicorp/setup-golang@v3
- name: Run API tests
env:
GOTEST_MOD: api
run: |
make bootstrap
make generate-all
sudo sed -i 's!Defaults!#Defaults!g' /etc/sudoers
sudo -E env "PATH=$PATH" make test-nomad-module
tests-groups:
needs: [mods]
runs-on: ubuntu-22.04
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
groups:
- nomad
- client
- command
- drivers
- quick
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: hashicorp/setup-golang@v3
- name: Run Matrix Tests
env:
GOTEST_GROUP: ${{matrix.groups}}
run: |
make bootstrap
make generate-all
make dev
hc-install install -version ${{env.VAULT_VERSION}} -path ${{env.GOBIN}} vault
hc-install install -version ${{env.CONSUL_VERSION}} -path ${{env.GOBIN}} consul
sudo sed -i 's!Defaults!#Defaults!g' /etc/sudoers
sudo -E env "PATH=$PATH" make test-nomad
permissions:
contents: read
id-token: write