[Submit add-on]: Everything #587
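# Turns a labeled add-on submission issue into a pull request against the
# datastore, then hands the result to checkAndSubmitAddonMetadata.yml.
#
# Trust boundary: every value read from the issue (download URL, publisher,
# channel, source URL, license fields, title) is user input. In this file it
# reaches a shell only through `env:` variables, never through `${{ }}`
# expansion inside a `run:` script. Keep it that way when adding steps.
name: Send json file

on:
  issues:
    types:
      - labeled

jobs:
  check-addon:
    # Values handed to the reusable workflow called by the second job.
    outputs:
      pullRequestNumber: ${{ steps.cpr.outputs.pull-request-number }}
      headRef: ${{ steps.cpr.outputs.pull-request-head-sha }}
      issueNumber: ${{ steps.get-data.outputs.issueNumber }}
    # NOTE(review): this job holds write access to contents, issues and pull
    # requests while it downloads and processes a user-supplied file, and every
    # `uses:` below is pinned to a movable tag. Consider pinning each action,
    # the third-party ones in particular, to a full commit SHA.
    permissions:
      contents: write
      issues: write
      pull-requests: write
    name: Check add-on
    # Only the submission label starts the job; other label events are ignored.
    if: github.event.label.name == 'autoSubmissionFromIssue'
    runs-on: windows-latest
    steps:
      - name: Checkout datastore repo
        uses: actions/checkout@v3
        with:
          ref: master
          path: datastore
      - name: Get data
        id: get-data
        uses: actions/github-script@v6
        with:
          # getData.js is loaded from the master checkout above, not from any
          # content of the issue.
          script: |
            const setOutputFromIssue = require('./datastore/.github/workflows/getData.js')
            setOutputFromIssue({context, core})
      - name: Checkout validate repo
        uses: actions/checkout@v3
        with:
          # NOTE(review): no `ref` is given, so the default branch of the
          # validation repository (and its submodules) is run as-is.
          repository: nvaccess/addon-datastore-validation
          submodules: true
          path: validation
      - name: Set up Python 3.11
        uses: actions/setup-python@v4
        with:
          # Quoted so the version is read as a string, not a float.
          python-version: "3.11"
      - name: Create validation errors file
        run: echo "" > validationErrors.md
      - name: Download add-on
        env:
          # transfer user input to env variables
          # https://blog.gitguardian.com/github-actions-security-cheat-sheet/
          url: ${{ steps.get-data.outputs.downloadUrl }}
        # wrap all user input in quotations to prevent RCE e.g. www.example.com/&rm -rf
        # The URL is also passed as the value of --url, so it is always read as
        # a URL and never as a curl option, and --proto limits the transfer to
        # web schemes.
        # NOTE(review): no size or time limit is set on the download; consider
        # --max-filesize / --max-time with values suited to add-on packages.
        run: curl --location --proto "=http,https" --output addon.nvda-addon --url "$env:url"
      - name: Create JSON submission from issue
        env:
          # transfer user input to env variables to escape any code
          # https://blog.gitguardian.com/github-actions-security-cheat-sheet/
          channel: ${{ steps.get-data.outputs.releaseChannel }}
          publisher: ${{ steps.get-data.outputs.publisher }}
          sourceUrl: ${{ steps.get-data.outputs.sourceUrl }}
          url: ${{ steps.get-data.outputs.downloadUrl }}
          licName: ${{ steps.get-data.outputs.licenseName }}
          licUrl: ${{ steps.get-data.outputs.licenseURL }}
        # wrap all user input in quotations to prevent RCE e.g. www.example.com/&rm -rf
        # In a PowerShell double-quoted string "" is an escaped quote, so each
        # """$env:name""" expands to the value wrapped in literal double quotes.
        # NOTE(review): the wrapping assumes the values contain no double-quote
        # character themselves; confirm getData.js or the validation code
        # rejects such values.
        run: |
          validation/runcreatejson `
            -f addon.nvda-addon `
            --dir datastore\addons `
            --output .\validationErrors.md `
            --channel="""$env:channel""" `
            --publisher="""$env:publisher""" `
            --sourceUrl="""$env:sourceUrl""" `
            --url="""$env:url""" `
            --licName="""$env:licName""" `
            --licUrl="""$env:licUrl"""
      - name: Post validation errors as comment
        # Runs only when an earlier step in this job has failed.
        if: failure()
        uses: peter-evans/create-or-update-comment@v2
        with:
          issue-number: ${{ github.event.issue.number }}
          body-file: ./validationErrors.md
      - name: Create Pull Request
        id: cpr
        uses: peter-evans/create-pull-request@v4
        with:
          path: datastore
          # Issue-derived values are passed as action inputs here, not placed
          # in a shell command.
          title: ${{ steps.get-data.outputs.issueTitle }}
          branch: ${{ github.event.sender.login }}${{ steps.get-data.outputs.issueNumber }}
          commit-message: ${{ steps.get-data.outputs.issueTitle }}
          body: "Closes #${{ steps.get-data.outputs.issueNumber }}"
          # NOTE(review): the address below appears redacted by the page this
          # listing was captured from; restore the original before use.
          author: github-actions <[email protected]>
  call-workflow-passing-data:
    # Reusable workflow from this repository; receives the issue and pull
    # request identifiers produced by check-addon.
    needs: check-addon
    uses: ./.github/workflows/checkAndSubmitAddonMetadata.yml
    with:
      issueNumber: ${{ needs.check-addon.outputs.issueNumber }}
      pullRequestNumber: ${{ needs.check-addon.outputs.pullRequestNumber }}
      headRef: ${{ needs.check-addon.outputs.headRef }}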