Skip to content

Security Disposal Pipe Fixes #1904

Security Disposal Pipe Fixes

Security Disposal Pipe Fixes #1904

Workflow file for this run

name: Build BAPI
on:
issue_comment:
types: [created]
jobs:
build-bapi:
if: |
github.event.issue.pull_request &&
(github.event.comment.body == '!build_bapi') &&
((github.event.sender.id == github.event.issue.user.id) ||
(github.event.comment.author_association == 'COLLABORATOR') ||
(github.event.comment.author_association == 'MEMBER') ||
(github.event.comment.author_association == 'OWNER'))
runs-on: ubuntu-latest
steps:
- name: Like the comment
env:
BASE_REPOSITORY: ${{ github.repository }}
GH_TOKEN: ${{ github.token }}
run: |
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/$BASE_REPOSITORY/issues/comments/${{ github.event.comment.id }}/reactions \
-f content='+1'
- name: PR Data
run: |
pr_json=$(curl -L -s --fail-with-body -H "Authorization: token ${{ github.token }}" ${{ github.event.issue.pull_request.url }})
if [ `jq -r '.maintainer_can_modify' <<<$pr_json` == "false" ] ; then
gh pr comment ${{ github.event.issue.html_url }} --body 'GitHub Actions can not push to the repository without "Allow edits and access to secrets by maintainers" checked.'
echo "FAIL_NOTIFIED=true" >> "$GITHUB_ENV"
exit 1
fi
echo "PR_REPO=`jq -r '.head.repo.full_name' <<<$pr_json`" >> $GITHUB_ENV
echo "PR_BRANCH=`jq -r '.head.ref' <<<$pr_json`" >> $GITHUB_ENV
echo "PR_HEAD_LABEL=`jq -r '.head.label' <<<$pr_json`" >> $GITHUB_ENV
- uses: actions/checkout@v4
with:
repository: ${{ env.PR_REPO }}
ref: ${{ env.PR_BRANCH }}
token: ${{ github.token }}
- name: Build BAPI
env:
BASE_BRANCH: ${{ github.event.repository.default_branch }}
BASE_REPOSITORY: ${{ github.repository }}
GH_TOKEN: ${{ github.token }}
run: |
# Get the code.
git config user.name AuroraBuildBot
git config user.email "[email protected]"
git pull origin "$PR_BRANCH" --depth=$((ahead_by + 1))
git remote add upstream "https://github.com/$BASE_REPOSITORY.git"
git fetch upstream "$BASE_BRANCH" --depth=$((behind_by + 1))
cd rust/bapi
# Get dependencies.
rustup target add i686-unknown-linux-gnu
rustup target add i686-pc-windows-gnu
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install zlib1g-dev:i386 lib32gcc-11-dev mingw-w64 mingw-w64-i686-dev
# Build it.
cargo build --release --target i686-unknown-linux-gnu
cargo build --release --target i686-pc-windows-gnu
# Copy the built targets to their checked-in locations.
cp target/i686-unknown-linux-gnu/release/libbapi.so ../../tools/ci/libbapi_ci.so
cp target/i686-pc-windows-gnu/release/bapi.dll ../../bapi.dll
# Check if a workflow file would be modified by the merge (permissions prevent pushes if so)
latest_workflow_commit=$(git log -n 1 --pretty=format:"%H" upstream/$BASE_BRANCH -- .github/workflows)
if ! git branch --contains $latest_workflow_commit | grep -q "$(git rev-parse --abbrev-ref HEAD)"; then
gh pr comment ${{ github.event.issue.html_url }} --body "GitHub Actions can not push to this branch as workflow files have been changed since your branch was last updated. Please update your branch past https://github.com/$BASE_REPOSITORY/commit/$latest_workflow_commit before using this command again."
echo "FAIL_NOTIFIED=true" >> "$GITHUB_ENV"
exit 1
fi
git commit -a -m "Build BAPI" --allow-empty
git push origin
- name: Notify Failure
if: failure() && env.FAIL_NOTIFIED != 'true'
env:
GH_TOKEN: ${{ github.token }}
run: |
gh pr comment ${{ github.event.issue.html_url }} -b 'Building BAPI failed, see the action run log for details: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'