This is an automated email from the ASF dual-hosted git repository.
nfilotto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 28fd75aa18d (chore) ci: avoid token exposure in pr-comment workflow
(#11880)
28fd75aa18d is described below
commit 28fd75aa18d1cbe159b28fb59cce482ea3c9613b
Author: Nicolas Filotto <[email protected]>
AuthorDate: Thu Nov 2 11:25:13 2023 +0100
(chore) ci: avoid token exposure in pr-comment workflow (#11880)
## Motivation
To avoid potential vulnerabilities due to exposure of the `GITHUB_TOKEN`,
it is recommended to use the GitHub action
[create-or-update-comment](https://github.com/peter-evans/create-or-update-comment).
## Modifications:
* Use the local github action create-or-update-comment
---
.github/actions/component-test/action.yaml | 35 +++++++++---------------------
.github/workflows/pr-comment.yml | 15 +++++--------
2 files changed, 15 insertions(+), 35 deletions(-)
diff --git a/.github/actions/component-test/action.yaml
b/.github/actions/component-test/action.yaml
index 0f63f351a30..f9266dbdb66 100644
--- a/.github/actions/component-test/action.yaml
+++ b/.github/actions/component-test/action.yaml
@@ -18,9 +18,6 @@
name: "Component Test Runner"
description: "Runs tests of corresponding to the given comment"
inputs:
- github-token:
- description: 'GitHub token to use to update the comment'
- required: true
run-id:
description: 'Id of the job'
required: true
@@ -68,31 +65,19 @@ runs:
path: tests.log
- name: Success comment
if: success()
- uses: actions/github-script@v6
+ uses: ./.github/actions/create-or-update-comment
with:
- github-token: ${{ inputs.github-token }}
- script: |
- await github.rest.issues.updateComment({
- owner: context.repo.owner,
- repo: context.repo.repo,
- issue_number: ${{ inputs.pr-id }},
- comment_id: ${{ inputs.comment-id }},
- body: `${{ inputs.comment-body }}
+ comment-id: ${{ inputs.comment-id }}
+ body: |
+ ${{ inputs.comment-body }}
- **Result** :white_check_mark: The tests passed successfully`
- });
+ **Result** :white_check_mark: The tests passed successfully
- name: Failure comment
if: failure()
- uses: actions/github-script@v6
+ uses: ./.github/actions/create-or-update-comment
with:
- github-token: ${{ inputs.github-token }}
- script: |
- await github.rest.issues.updateComment({
- owner: context.repo.owner,
- repo: context.repo.repo,
- issue_number: ${{ inputs.pr-id }},
- comment_id: ${{ inputs.comment-id }},
- body: `${{ inputs.comment-body }}
+ comment-id: ${{ inputs.comment-id }}
+ body: |
+ ${{ inputs.comment-body }}
- **Result** :x: The tests failed please [check the
logs](https://github.com/apache/camel/actions/runs/${{ inputs.run-id }})`
- });
+ **Result** :x: The tests failed please [check the
logs](https://github.com/apache/camel/actions/runs/${{ inputs.run-id }})
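Review bot: Both rewritten steps (`Success comment` and `Failure comment`) pass `comment-id` and `body` but no `edit-mode`. If the local `./.github/actions/create-or-update-comment` is a copy of the upstream peter-evans action named in the commit message, that input defaults to `append`, so the triggering comment would get its own text repeated beneath it instead of being replaced as the removed `updateComment` call did. Adding `edit-mode: replace` under `with:` in both steps would keep the previous behaviour. A short comment above the steps, for example `# body is passed as an action input, never expanded inside a script`, would also record why `${{ inputs.comment-body }}` must not go back into a `github-script` template literal. The `runs:` step list starts outside the hunk.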
diff --git a/.github/workflows/pr-comment.yml b/.github/workflows/pr-comment.yml
index f1d78120c33..3ff170e23ae 100644
--- a/.github/workflows/pr-comment.yml
+++ b/.github/workflows/pr-comment.yml
@@ -32,16 +32,11 @@ jobs:
matrix:
java: [ '17' ]
steps:
- - uses: actions/github-script@v6
+ - uses: peter-evans/[email protected]
with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- script: |
- github.rest.issues.createComment({
- issue_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- body: `:robot: The Apache Camel test robot will run the tests
for you :+1:`
- })
+ issue-number: ${{ context.issue.number }}
+ body: |
+ :robot: The Apache Camel test robot will run the tests for you :+1:
- name: Retrieve sha
uses: actions/github-script@v6
with:
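Review bot: `issue-number: ${{ context.issue.number }}` on the new step uses `context`, which is an object of the `github-script` JavaScript API and not a workflow expression context, so the expression will most likely fail to evaluate. The last hunk of this file already reads the same value as `${{ github.event.issue.number }}`; use `issue-number: ${{ github.event.issue.number }}` here as well. The third-party action also appears to be referenced by a version tag (the ref is obscured on this page). Pinning `uses:` to the full commit SHA of the reviewed release, with the tag kept in a trailing comment, keeps a moved tag from running new code with this job's token. The job's `steps:` list continues outside the hunk.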
@@ -56,6 +51,7 @@ jobs:
- uses: actions/checkout@v4
with:
ref: ${{ env.pr_sha }}
+ submodules: recursive
- id: install-packages
uses: ./.github/actions/install-packages
- name: Set up JDK ${{ matrix.java }}
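Review bot: `submodules: recursive` is added to a checkout of `ref: ${{ env.pr_sha }}`, so `.gitmodules` and the `./.github/actions/*` directories that later steps execute (`install-packages`, `component-test`, and through it `create-or-update-comment`) come from the pull request's tree rather than from `main`. If this workflow is triggered by `issue_comment` (the trigger and any `permissions:` block are outside the hunk), that content runs with the repository token in scope. Consider checking out the base branch for the local actions and submodules and placing the PR head under a separate `path:`, and declaring the minimal `permissions:` the job needs. At the least, a comment on this step should state who is allowed to trigger the run.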
@@ -68,7 +64,6 @@ jobs:
name: Component test execution
uses: ./.github/actions/component-test
with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.run_id }}
pr-id: ${{ github.event.issue.number }}
comment-id: ${{ github.event.comment.id }}