fix: remove composite restrictions (#1128)
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
parent
7704033ec6
commit
ebb408f373
3 changed files with 29 additions and 68 deletions
|
@ -23,21 +23,6 @@ type Workflow struct {
|
||||||
Defaults Defaults `yaml:"defaults"`
|
Defaults Defaults `yaml:"defaults"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// CompositeRestrictions is the structure to control what is allowed in composite actions
|
|
||||||
type CompositeRestrictions struct {
|
|
||||||
AllowCompositeUses bool
|
|
||||||
AllowCompositeIf bool
|
|
||||||
AllowCompositeContinueOnError bool
|
|
||||||
}
|
|
||||||
|
|
||||||
func defaultCompositeRestrictions() *CompositeRestrictions {
|
|
||||||
return &CompositeRestrictions{
|
|
||||||
AllowCompositeUses: true,
|
|
||||||
AllowCompositeIf: true,
|
|
||||||
AllowCompositeContinueOnError: false,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// On events for the workflow
|
// On events for the workflow
|
||||||
func (w *Workflow) On() []string {
|
func (w *Workflow) On() []string {
|
||||||
switch w.RawOn.Kind {
|
switch w.RawOn.Kind {
|
||||||
|
@ -431,22 +416,6 @@ func (s *Step) Type() StepType {
|
||||||
return StepTypeUsesActionRemote
|
return StepTypeUsesActionRemote
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Step) Validate(config *CompositeRestrictions) error {
|
|
||||||
if config == nil {
|
|
||||||
config = defaultCompositeRestrictions()
|
|
||||||
}
|
|
||||||
if s.Type() != StepTypeRun && !config.AllowCompositeUses {
|
|
||||||
return fmt.Errorf("(StepID: %s): Unexpected value 'uses'", s.String())
|
|
||||||
} else if s.Type() == StepTypeRun && s.Shell == "" {
|
|
||||||
return fmt.Errorf("(StepID: %s): Required property is missing: 'shell'", s.String())
|
|
||||||
} else if !s.If.IsZero() && !config.AllowCompositeIf {
|
|
||||||
return fmt.Errorf("(StepID: %s): Property is not available: 'if'", s.String())
|
|
||||||
} else if s.ContinueOnError && !config.AllowCompositeContinueOnError {
|
|
||||||
return fmt.Errorf("(StepID: %s): Property is not available: 'continue-on-error'", s.String())
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// ReadWorkflow returns a list of jobs for a given workflow file reader
|
// ReadWorkflow returns a list of jobs for a given workflow file reader
|
||||||
func ReadWorkflow(in io.Reader) (*Workflow, error) {
|
func ReadWorkflow(in io.Reader) (*Workflow, error) {
|
||||||
w := new(Workflow)
|
w := new(Workflow)
|
||||||
|
|
|
@ -364,13 +364,6 @@ func execAsComposite(step actionStep, containerActionDir string) common.Executor
|
||||||
action := step.getActionModel()
|
action := step.getActionModel()
|
||||||
|
|
||||||
return func(ctx context.Context) error {
|
return func(ctx context.Context) error {
|
||||||
// Disable some features of composite actions, only for feature parity with github
|
|
||||||
for _, compositeStep := range action.Runs.Steps {
|
|
||||||
if err := compositeStep.Validate(rc.Config.CompositeRestrictions); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
eval := rc.NewExpressionEvaluator()
|
eval := rc.NewExpressionEvaluator()
|
||||||
|
|
||||||
inputs := make(map[string]interface{})
|
inputs := make(map[string]interface{})
|
||||||
|
|
|
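Review bot: With the validation loop removed from the closure returned by execAsComposite, composite steps are no longer checked before they run. That includes the `shell` requirement for run steps, which the deleted Step.Validate enforced unconditionally; only the `uses`, `if` and `continue-on-error` checks were gated by CompositeRestrictions flags. Unless something later in the execution path (not visible in this hunk) rejects a run step with an empty `Shell`, such a step now proceeds with whatever default shell handling exists instead of failing with "Required property is missing: 'shell'". Consider keeping that one check in a config-free `Validate()` and calling it here, e.g. `if s.Type() == StepTypeRun && s.Shell == "" { return fmt.Errorf("(StepID: %s): Required property is missing: 'shell'", s.String()) }`. The closure body continues outside the hunk, so it is worth confirming that `continue-on-error`, previously rejected by default, is actually honoured for composite steps rather than silently accepted.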
@ -23,36 +23,35 @@ type Runner interface {
|
||||||
|
|
||||||
// Config contains the config for a new runner
|
// Config contains the config for a new runner
|
||||||
type Config struct {
|
type Config struct {
|
||||||
Actor string // the user that triggered the event
|
Actor string // the user that triggered the event
|
||||||
Workdir string // path to working directory
|
Workdir string // path to working directory
|
||||||
BindWorkdir bool // bind the workdir to the job container
|
BindWorkdir bool // bind the workdir to the job container
|
||||||
EventName string // name of event to run
|
EventName string // name of event to run
|
||||||
EventPath string // path to JSON file to use for event.json in containers
|
EventPath string // path to JSON file to use for event.json in containers
|
||||||
DefaultBranch string // name of the main branch for this repository
|
DefaultBranch string // name of the main branch for this repository
|
||||||
ReuseContainers bool // reuse containers to maintain state
|
ReuseContainers bool // reuse containers to maintain state
|
||||||
ForcePull bool // force pulling of the image, even if already present
|
ForcePull bool // force pulling of the image, even if already present
|
||||||
ForceRebuild bool // force rebuilding local docker image action
|
ForceRebuild bool // force rebuilding local docker image action
|
||||||
LogOutput bool // log the output from docker run
|
LogOutput bool // log the output from docker run
|
||||||
JSONLogger bool // use json or text logger
|
JSONLogger bool // use json or text logger
|
||||||
Env map[string]string // env for containers
|
Env map[string]string // env for containers
|
||||||
Secrets map[string]string // list of secrets
|
Secrets map[string]string // list of secrets
|
||||||
Token string // GitHub token
|
Token string // GitHub token
|
||||||
InsecureSecrets bool // switch hiding output when printing to terminal
|
InsecureSecrets bool // switch hiding output when printing to terminal
|
||||||
Platforms map[string]string // list of platforms
|
Platforms map[string]string // list of platforms
|
||||||
Privileged bool // use privileged mode
|
Privileged bool // use privileged mode
|
||||||
UsernsMode string // user namespace to use
|
UsernsMode string // user namespace to use
|
||||||
ContainerArchitecture string // Desired OS/architecture platform for running containers
|
ContainerArchitecture string // Desired OS/architecture platform for running containers
|
||||||
ContainerDaemonSocket string // Path to Docker daemon socket
|
ContainerDaemonSocket string // Path to Docker daemon socket
|
||||||
UseGitIgnore bool // controls if paths in .gitignore should not be copied into container, default true
|
UseGitIgnore bool // controls if paths in .gitignore should not be copied into container, default true
|
||||||
GitHubInstance string // GitHub instance to use, default "github.com"
|
GitHubInstance string // GitHub instance to use, default "github.com"
|
||||||
ContainerCapAdd []string // list of kernel capabilities to add to the containers
|
ContainerCapAdd []string // list of kernel capabilities to add to the containers
|
||||||
ContainerCapDrop []string // list of kernel capabilities to remove from the containers
|
ContainerCapDrop []string // list of kernel capabilities to remove from the containers
|
||||||
AutoRemove bool // controls if the container is automatically removed upon workflow completion
|
AutoRemove bool // controls if the container is automatically removed upon workflow completion
|
||||||
ArtifactServerPath string // the path where the artifact server stores uploads
|
ArtifactServerPath string // the path where the artifact server stores uploads
|
||||||
ArtifactServerPort string // the port the artifact server binds to
|
ArtifactServerPort string // the port the artifact server binds to
|
||||||
CompositeRestrictions *model.CompositeRestrictions // describes which features are available in composite actions
|
NoSkipCheckout bool // do not skip actions/checkout
|
||||||
NoSkipCheckout bool // do not skip actions/checkout
|
RemoteName string // remote name in local git repo config
|
||||||
RemoteName string // remote name in local git repo config
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Resolves the equivalent host path inside the container
|
// Resolves the equivalent host path inside the container
|
||||||
|
|