From 855b90c3d4ed12677646bf0ce8b0508042d618fc Mon Sep 17 00:00:00 2001 From: Ethan Chiu <17chiue@gmail.com> Date: Tue, 28 Jul 2020 10:15:46 -0400 Subject: [PATCH] Explicitly define what is allowed for a composite action (#605) * Explicitly define what is allowed for an action * Add step-env * Remove secrets + defaults * new line * Add safety check to prevent from checking defaults in ScriptHandler for composite action * Revert "Add safety check to prevent from checking defaults in ScriptHandler for composite action" This reverts commit aeae15de7b621fcc500f44442c09f395d2aa39ac. * Need to explictly use ActionStep type since we need the .Inputs attribute which is only found in the ActionStep not IStep * Fix ActionManifestManager * Remove todos * Revert "Revert "Add safety check to prevent from checking defaults in ScriptHandler for composite action"" This reverts commit a22fcbc03638bc5f4db601588cc633b8b680d586. * revert * Remove needs in env * Make shell required + add inputs * Remove passing context to all composite steps attribuyte --- src/Runner.Worker/Handlers/ScriptHandler.cs | 4 -- src/Runner.Worker/action_yaml.json | 64 ++++++++++++++++----- 2 files changed, 51 insertions(+), 17 deletions(-) diff --git a/src/Runner.Worker/Handlers/ScriptHandler.cs b/src/Runner.Worker/Handlers/ScriptHandler.cs index 397d9a176..022b59420 100644 --- a/src/Runner.Worker/Handlers/ScriptHandler.cs +++ b/src/Runner.Worker/Handlers/ScriptHandler.cs @@ -164,8 +164,6 @@ namespace GitHub.Runner.Worker.Handlers string workingDirectory = null; if (!Inputs.TryGetValue("workingDirectory", out workingDirectory)) { - // TODO: figure out how defaults interact with template later - // for now, we won't check job.defaults if we are inside a template. if (string.IsNullOrEmpty(ExecutionContext.ScopeName) && ExecutionContext.Global.JobDefaults.TryGetValue("run", out var runDefaults)) { if (runDefaults.TryGetValue("working-directory", out workingDirectory)) @@ -180,8 +178,6 @@ namespace GitHub.Runner.Worker.Handlers string shell = null; if (!Inputs.TryGetValue("shell", out shell) || string.IsNullOrEmpty(shell)) { - // TODO: figure out how defaults interact with template later - // for now, we won't check job.defaults if we are inside a template. if (string.IsNullOrEmpty(ExecutionContext.ScopeName) && ExecutionContext.Global.JobDefaults.TryGetValue("run", out var runDefaults)) { if (runDefaults.TryGetValue("shell", out shell)) diff --git a/src/Runner.Worker/action_yaml.json b/src/Runner.Worker/action_yaml.json index 82b24a695..a4a09181b 100644 --- a/src/Runner.Worker/action_yaml.json +++ b/src/Runner.Worker/action_yaml.json @@ -108,19 +108,26 @@ } }, "composite-steps": { - "context": [ - "github", - "strategy", - "matrix", - "steps", - "inputs", - "job", - "runner", - "env", - "hashFiles(1,255)" - ], "sequence": { - "item-type": "any" + "item-type": "composite-step" + } + }, + "composite-step": { + "mapping": { + "properties": { + "name": "string-steps-context", + "id": "non-empty-string", + "run": { + "type": "string-steps-context", + "required": true + }, + "env": "step-env", + "working-directory": "string-steps-context", + "shell": { + "type": "non-empty-string", + "required": true + } + } } }, "container-runs-context": { @@ -157,6 +164,37 @@ "string": { "require-non-empty": true } + }, + "string-steps-context": { + "context": [ + "github", + "inputs", + "strategy", + "matrix", + "steps", + "job", + "runner", + "env", + "hashFiles(1,255)" + ], + "string": {} + }, + "step-env": { + "context": [ + "github", + "inputs", + "strategy", + "matrix", + "steps", + "job", + "runner", + "env", + "hashFiles(1,255)" + ], + "mapping": { + "loose-key-type": "non-empty-string", + "loose-value-type": "string" + } } } -} \ No newline at end of file +}