fix: remove composite restrictions (#1128)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
R 2022-05-23 22:27:12 +02:00 committed by GitHub
parent 7704033ec6
commit ebb408f373
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 68 deletions


@ -23,21 +23,6 @@ type Workflow struct {
Defaults Defaults `yaml:"defaults"` Defaults Defaults `yaml:"defaults"`
} }
// CompositeRestrictions is the structure to control what is allowed in composite actions
type CompositeRestrictions struct {
AllowCompositeUses bool
AllowCompositeIf bool
AllowCompositeContinueOnError bool
}
func defaultCompositeRestrictions() *CompositeRestrictions {
return &CompositeRestrictions{
AllowCompositeUses: true,
AllowCompositeIf: true,
AllowCompositeContinueOnError: false,
}
}
// On events for the workflow // On events for the workflow
func (w *Workflow) On() []string { func (w *Workflow) On() []string {
switch w.RawOn.Kind { switch w.RawOn.Kind {
@ -431,22 +416,6 @@ func (s *Step) Type() StepType {
return StepTypeUsesActionRemote return StepTypeUsesActionRemote
} }
func (s *Step) Validate(config *CompositeRestrictions) error {
if config == nil {
config = defaultCompositeRestrictions()
}
if s.Type() != StepTypeRun && !config.AllowCompositeUses {
return fmt.Errorf("(StepID: %s): Unexpected value 'uses'", s.String())
} else if s.Type() == StepTypeRun && s.Shell == "" {
return fmt.Errorf("(StepID: %s): Required property is missing: 'shell'", s.String())
} else if !s.If.IsZero() && !config.AllowCompositeIf {
return fmt.Errorf("(StepID: %s): Property is not available: 'if'", s.String())
} else if s.ContinueOnError && !config.AllowCompositeContinueOnError {
return fmt.Errorf("(StepID: %s): Property is not available: 'continue-on-error'", s.String())
}
return nil
}
// ReadWorkflow returns a list of jobs for a given workflow file reader // ReadWorkflow returns a list of jobs for a given workflow file reader
func ReadWorkflow(in io.Reader) (*Workflow, error) { func ReadWorkflow(in io.Reader) (*Workflow, error) {
w := new(Workflow) w := new(Workflow)
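Review bot: Deleting `Step.Validate` also drops the one check in it that did not depend on `CompositeRestrictions`, the `s.Type() == StepTypeRun && s.Shell == ""` branch that returned `Required property is missing: 'shell'`. The other three branches were gated by the `AllowComposite*` flags, so removing them matches the commit title, but a composite `run` step with no `shell` is presumably no longer rejected before it runs; its only visible caller is the loop removed from `execAsComposite`. If that requirement is still intended, keep it as a small unconditional check next to `Type()`, for example `if s.Type() == StepTypeRun && s.Shell == "" { return fmt.Errorf("(StepID: %s): Required property is missing: 'shell'", s.String()) }`. Otherwise add a comment at the place where the step's shell is resolved, saying what an empty value falls back to.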


@ -364,13 +364,6 @@ func execAsComposite(step actionStep, containerActionDir string) common.Executor
action := step.getActionModel() action := step.getActionModel()
return func(ctx context.Context) error { return func(ctx context.Context) error {
// Disable some features of composite actions, only for feature parity with github
for _, compositeStep := range action.Runs.Steps {
if err := compositeStep.Validate(rc.Config.CompositeRestrictions); err != nil {
return err
}
}
eval := rc.NewExpressionEvaluator() eval := rc.NewExpressionEvaluator()
inputs := make(map[string]interface{}) inputs := make(map[string]interface{})


@ -23,36 +23,35 @@ type Runner interface {
// Config contains the config for a new runner // Config contains the config for a new runner
type Config struct { type Config struct {
Actor string // the user that triggered the event Actor string // the user that triggered the event
Workdir string // path to working directory Workdir string // path to working directory
BindWorkdir bool // bind the workdir to the job container BindWorkdir bool // bind the workdir to the job container
EventName string // name of event to run EventName string // name of event to run
EventPath string // path to JSON file to use for event.json in containers EventPath string // path to JSON file to use for event.json in containers
DefaultBranch string // name of the main branch for this repository DefaultBranch string // name of the main branch for this repository
ReuseContainers bool // reuse containers to maintain state ReuseContainers bool // reuse containers to maintain state
ForcePull bool // force pulling of the image, even if already present ForcePull bool // force pulling of the image, even if already present
ForceRebuild bool // force rebuilding local docker image action ForceRebuild bool // force rebuilding local docker image action
LogOutput bool // log the output from docker run LogOutput bool // log the output from docker run
JSONLogger bool // use json or text logger JSONLogger bool // use json or text logger
Env map[string]string // env for containers Env map[string]string // env for containers
Secrets map[string]string // list of secrets Secrets map[string]string // list of secrets
Token string // GitHub token Token string // GitHub token
InsecureSecrets bool // switch hiding output when printing to terminal InsecureSecrets bool // switch hiding output when printing to terminal
Platforms map[string]string // list of platforms Platforms map[string]string // list of platforms
Privileged bool // use privileged mode Privileged bool // use privileged mode
UsernsMode string // user namespace to use UsernsMode string // user namespace to use
ContainerArchitecture string // Desired OS/architecture platform for running containers ContainerArchitecture string // Desired OS/architecture platform for running containers
ContainerDaemonSocket string // Path to Docker daemon socket ContainerDaemonSocket string // Path to Docker daemon socket
UseGitIgnore bool // controls if paths in .gitignore should not be copied into container, default true UseGitIgnore bool // controls if paths in .gitignore should not be copied into container, default true
GitHubInstance string // GitHub instance to use, default "github.com" GitHubInstance string // GitHub instance to use, default "github.com"
ContainerCapAdd []string // list of kernel capabilities to add to the containers ContainerCapAdd []string // list of kernel capabilities to add to the containers
ContainerCapDrop []string // list of kernel capabilities to remove from the containers ContainerCapDrop []string // list of kernel capabilities to remove from the containers
AutoRemove bool // controls if the container is automatically removed upon workflow completion AutoRemove bool // controls if the container is automatically removed upon workflow completion
ArtifactServerPath string // the path where the artifact server stores uploads ArtifactServerPath string // the path where the artifact server stores uploads
ArtifactServerPort string // the port the artifact server binds to ArtifactServerPort string // the port the artifact server binds to
CompositeRestrictions *model.CompositeRestrictions // describes which features are available in composite actions NoSkipCheckout bool // do not skip actions/checkout
NoSkipCheckout bool // do not skip actions/checkout RemoteName string // remote name in local git repo config
RemoteName string // remote name in local git repo config
} }
// Resolves the equivalent host path inside the container // Resolves the equivalent host path inside the container