diff --git a/action.yml b/action.yml
index 91f18509..f89b75a2 100644
--- a/action.yml
+++ b/action.yml
@@ -20,7 +20,7 @@ inputs:
 branch:
 description: Git branch name, where changes should be pushed too. Required if Action is used on the `pull_request` event
 required: false
- default: ${{ github.head_ref }}
+ default: ${{ github.ref_name }}
 file_pattern:
 description: File pattern used for `git add`. For example `component-definitions/*`. Defaults to (`.`)
 required: false
@@ -55,7 +55,7 @@ outputs:
 runs:
 using: "docker"
 image: "Dockerfile"
- entrypoint: [ "/entrypoint.sh"]
+ entrypoint: "/entrypoint.sh"
 branding:
 icon: "check"
diff --git a/entrypoint.sh b/entrypoint.sh
index f673a9a5..281ad4ef 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,6 +2,27 @@ set -eu
+# Manage newest git versions (related to CVE https://github.blog/2022-04-12-git-security-vulnerability-announced/)
+#
+if [ -z ${GITHUB_WORKSPACE+x} ]; then
+ echo "Setting git safe.directory default: /github/workspace ..."
+ git config --global --add safe.directory /github/workspace
+else
+ echo "Setting git safe.directory GITHUB_WORKSPACE: $GITHUB_WORKSPACE ..."
+ git config --global --add safe.directory "$GITHUB_WORKSPACE"
+fi
+
+if [ -z ${INPUT_REPOSITORY+x} ]; then
+ echo "Skipping setting working directory as safe directory"
+else
+ echo "Setting git safe.directory default: $INPUT_REPOSITORY..."
+ git config --global --add safe.directory "$INPUT_REPOSITORY"
+fi
+
+exec 3>&1
+
+trap exec 3>&- EXIT
+
 output=$(python3.8 -m trestlebot \
 --markdown-path="${INPUT_MARKDOWN_PATH}" \
 --assemble-model="${INPUT_ASSEMBLE_MODEL}" \
@@ -13,9 +34,7 @@ output=$(python3.8 -m trestlebot \
 --committer-email="${INPUT_COMMIT_USER_EMAIL}" \
 --author-name="${INPUT_COMMIT_AUTHOR_NAME}" \
 --author-email="${INPUT_COMMIT_AUTHOR_EMAIL}" \
- --working-dir="${INPUT_WORKING_DIR}" 2>&1 | tee log.txt)
-
-cat log.txt
+ --working-dir="${INPUT_REPOSITORY}" | tee /dev/fd/3)
 commit=$(echo "$output" | grep "Commit Hash:" | sed 's/.*: //')
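Review bot: On `pull_request` events `github.ref_name` is the merge ref name (of the form `<pr_number>/merge`), not the source branch, so with the new `default: ${{ github.ref_name }}` a PR run that omits `branch` would try to push to a ref that is not a branch. The description on the line above already says the input is required on that event, but the failure would only show up at push time. If the previous PR behaviour should be kept, a fallback such as `default: ${{ github.head_ref || github.ref_name }}` covers both event types.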
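Review bot: The added `trap exec 3>&- EXIT` is parsed with the `3>&-` redirection applied to the `trap` builtin itself, so the handler that gets registered is a bare `exec` and fd 3 is never closed by it; quote the command instead: `trap 'exec 3>&-' EXIT`. The two `[ -z ${VAR+x} ]` tests are unquoted and work only because the expansion is either empty or `x`; `[ -z "${GITHUB_WORKSPACE+x}" ]` is the safer form. Separately, `safe.directory` switches off git's repository-ownership check for the listed path, and `$INPUT_REPOSITORY` comes from an action input and is written to `--global` config. A short comment stating that this path is expected to be the checked-out workspace, and that a relative value may not match the way git compares the entry, would help the next maintainer.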
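Review bot: The exit status of `output=$(python3.8 -m trestlebot … | tee /dev/fd/3)` is still that of `tee`, so `set -eu` does not stop the script when trestlebot exits non-zero; the script then falls through to the `changes=false` branch and the step presumably reports success. If the shell is bash (the shebang is outside this hunk), add `set -o pipefail` next to `set -eu`; for POSIX sh, capture the command's status explicitly before parsing. Dropping `2>&1` also keeps stderr out of `$output`, which is what the `grep "Commit Hash:"` parse wants, and a one-line comment saying so would stop it being re-added.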
@@ -24,4 +43,4 @@ if [ -n "$commit" ]; then
 echo "commit=$commit" >> "$GITHUB_OUTPUT"
 else
 echo "changes=false" >> "$GITHUB_OUTPUT"
-fi
+fi
\ No newline at end of file
diff --git a/trestlebot/bot.py b/trestlebot/bot.py
index 269227bc..84f57a03 100644
--- a/trestlebot/bot.py
+++ b/trestlebot/bot.py
@@ -41,8 +41,15 @@ class RepoException(Exception):
 def _stage_files(gitwd: Repo, patterns: List[str]) -> None:
 """Stages files in git based on file patterns"""
 for pattern in patterns:
- logging.info(f"Adding file for pattern {pattern}")
- gitwd.index.add(pattern)
+ if pattern == ".":
+ logging.info("Staging all repository changes")
+ # Using check to avoid adding git directory
+ # https://github.com/gitpython-developers/GitPython/issues/292
+ gitwd.git.add(all=True)
+ return
+ else:
+ logging.info(f"Adding file for pattern {pattern}")
+ gitwd.git.add(pattern)
 def _local_commit(
diff --git a/trestlebot/cli.py b/trestlebot/cli.py
index 649ddc9f..ff26c33a 100644
--- a/trestlebot/cli.py
+++ b/trestlebot/cli.py
@@ -172,7 +172,8 @@ def run() -> None:
 )
 # Print the full commit sha
- print(f" Commit Hash: {commit_sha}")
+ if commit_sha:
+ print(f"Commit Hash: {commit_sha}")
 except Exception as e:
 exit_code = handle_exception(e)
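Review bot: `gitwd.git.add(pattern)` passes each pattern straight to the `git add` command line, unlike the removed `gitwd.index.add(pattern)`, so a pattern beginning with `-` would be read by git as an option rather than a pathspec. The patterns appear to come from the action's `file_pattern` input, so end option parsing before them: `gitwd.git.add("--", pattern)`. The `else:` after `return` is redundant and its body can be dedented. The docstring should also say that a `.` pattern stages everything and causes any remaining patterns to be skipped.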
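Review bot: The `Commit Hash:` line is a machine-read interface rather than a log message, and the comment above the print does not say so. entrypoint.sh in this commit extracts the value with `grep "Commit Hash:" | sed 's/.*: //'` and writes it to `$GITHUB_OUTPUT`. A comment such as `# Parsed by entrypoint.sh (grep "Commit Hash:"); keep the prefix and emit it at most once` would record that. `run()` begins and ends outside this hunk, so whether any other code path prints a matching line cannot be checked from here.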