Skip to content

[Submit add-on]: columnsReview #2238

[Submit add-on]: columnsReview

[Submit add-on]: columnsReview #2238

Workflow file for this run

name: Send json file
on:
issues:
types:
- labeled
jobs:
check-addon:
permissions:
contents: write
issues: write
name: Check add-on
if: github.event.label.name == 'autoSubmissionFromIssue'
runs-on: windows-latest
steps:
- name: Checkout datastore repo
uses: actions/checkout@v4
with:
path: datastore
- name: Get data
id: get-data
uses: actions/github-script@v7
with:
script: |
const setOutputFromIssue = require('./datastore/.github/workflows/getData.js')
setOutputFromIssue({context, core})
- name: Checkout validate repo
uses: actions/checkout@v4
with:
repository: nvaccess/addon-datastore-validation
submodules: true
path: validation
- name: Set up Python 3.11
uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Create validation errors file
run: echo "" > validationErrors.md
- name: Download add-on
env:
# transfer user input to env variables
# https://blog.gitguardian.com/github-actions-security-cheat-sheet/
url: ${{ steps.get-data.outputs.downloadUrl }}
# wrap all user input in quotations to prevent RCE e.g. www.example.com/&rm -rf
run: curl --location --output addon.nvda-addon "$env:url" 2>> validationErrors.md
- name: Add extra message if curl fails to validation errors
if: failure()
run: echo "Error with downloading add-on from download URL" >> validationErrors.md
- name: Create JSON submission from issue
env:
# transfer user input to env variables to escape any code
# https://blog.gitguardian.com/github-actions-security-cheat-sheet/
channel: ${{ steps.get-data.outputs.releaseChannel }}
publisher: ${{ steps.get-data.outputs.publisher }}
sourceUrl: ${{ steps.get-data.outputs.sourceUrl }}
url: ${{ steps.get-data.outputs.downloadUrl }}
licName: ${{ steps.get-data.outputs.licenseName }}
licUrl: ${{ steps.get-data.outputs.licenseURL }}
# wrap all user input in quotations to prevent RCE e.g. www.example.com/&rm -rf
run: |
validation/runcreatejson `
-f addon.nvda-addon `
--dir datastore\addons `
--output .\validationErrors.md `
--channel=""$env:channel"" `
--publisher=""$env:publisher"" `
--sourceUrl=""$env:sourceUrl"" `
--url=""$env:url"" `
--licName=""$env:licName"" `
--licUrl=""$env:licUrl""
- name: Post validation errors as comment
if: failure()
uses: peter-evans/create-or-update-comment@v4
with:
issue-number: ${{ github.event.issue.number }}
body-file: ./validationErrors.md
- name: Create branch
id: cb
run: |
cd datastore
git config user.name github-actions
git config user.email [email protected]
git checkout -b ${{ github.event.issue.user.login }}${{ steps.get-data.outputs.issueNumber }}
git pull
git add .
git commit -m "Submit add-on"
# Force push to the branch, as we may need to be handling a resubmission attempt
git push -f origin ${{ github.event.issue.user.login }}${{ steps.get-data.outputs.issueNumber }}
- name: Upload add-on
uses: actions/upload-artifact@v4
with:
name: addon
path: addon.nvda-addon
- name: Install VirusTotal
run: choco install vt-cli
- name: Scan add-on with VirusTotal
env:
VT_API_KEY: ${{ secrets.VT_API_KEY }}
run: vt scan file -k $env:VT_API_KEY addon.nvda-addon
call-workflow-passing-data:
needs: check-addon
uses: ./.github/workflows/checkAndSubmitAddonMetadata.yml
with:
issueNumber: "${{ github.event.issue.number }}"
issueAuthorId: ${{ github.event.issue.user.id }}
issueAuthorName: ${{ github.event.issue.user.login }}
issueTitle: ${{ github.event.issue.title }}
secrets:
VT_API_KEY: ${{ secrets.VT_API_KEY }}