This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/doris-cli.git
The following commit(s) were added to refs/heads/main by this push:
new bb44c80 ci(release-npm): replace allowlist-blocked actions with local
ones
bb44c80 is described below
commit bb44c80344e077b5747fecefdfbd1b431efe9300
Author: Mingyu Chen (Rayner) <[email protected]>
AuthorDate: Sat May 30 11:36:56 2026 +0800
ci(release-npm): replace allowlist-blocked actions with local ones
apache/doris-cli enforces an org-level GitHub Actions allowlist that
rejects third-party actions such as dtolnay/rust-toolchain and
ilammy/setup-nasm. Reimplement both as local composite actions under
.github/actions, referenced by in-repo relative path, following the
apache/doris .github/actions pattern.
The allowlist is enforced transitively, so the local actions do the work
directly via the rustup/choco that ship on the runners instead of
wrapping the blocked actions.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
---
.github/actions/setup-nasm/action.yml | 17 +++++++++++++
.github/actions/setup-rust-toolchain/action.yml | 32 +++++++++++++++++++++++++
.github/workflows/release-npm.yml | 9 +++++--
3 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/.github/actions/setup-nasm/action.yml
b/.github/actions/setup-nasm/action.yml
new file mode 100644
index 0000000..05072ff
--- /dev/null
+++ b/.github/actions/setup-nasm/action.yml
@@ -0,0 +1,17 @@
+name: Setup NASM
+description: >-
+ Install the NASM assembler on Windows runners (required to build the vendored
+ OpenSSL pulled in by openssl-sys). This is a local replacement for
+ ilammy/setup-nasm, which the apache org GitHub Actions allowlist blocks.
+ Intended to be called only on Windows runners.
+
+runs:
+ using: composite
+ steps:
+ # choco ships on GitHub-hosted Windows runners. The package installs to
+ # C:\Program Files\NASM but does not reliably add it to PATH, so do it here
+ # to make nasm.exe available to later steps in the job.
+ - shell: pwsh
+ run: |
+ choco install nasm --no-progress --yes
+ Add-Content -Path $env:GITHUB_PATH -Value 'C:\Program Files\NASM'
diff --git a/.github/actions/setup-rust-toolchain/action.yml
b/.github/actions/setup-rust-toolchain/action.yml
new file mode 100644
index 0000000..5394490
--- /dev/null
+++ b/.github/actions/setup-rust-toolchain/action.yml
@@ -0,0 +1,32 @@
+name: Setup Rust toolchain
+description: >-
+ Install a Rust toolchain (and optional cross-compilation targets) using the
+ rustup that ships on GitHub-hosted runners. This is a local replacement for
+ dtolnay/rust-toolchain, which the apache org GitHub Actions allowlist blocks.
+
+inputs:
+ toolchain:
+ description: Toolchain to install and set as the default (e.g. stable,
1.79.0).
+ required: false
+ default: stable
+ targets:
+ description: Space-separated list of additional compilation targets to add.
+ required: false
+ default: ""
+
+runs:
+ using: composite
+ steps:
+ # `shell: bash` works on every runner, including Windows (Git Bash).
+ - shell: bash
+ env:
+ TOOLCHAIN: ${{ inputs.toolchain }}
+ TARGETS: ${{ inputs.targets }}
+ run: |
+ set -eux
+ rustup toolchain install "${TOOLCHAIN}" --profile minimal
--no-self-update
+ rustup default "${TOOLCHAIN}"
+ if [ -n "${TARGETS}" ]; then
+ # Unquoted on purpose: allow a space-separated list of targets.
+ rustup target add ${TARGETS}
+ fi
diff --git a/.github/workflows/release-npm.yml
b/.github/workflows/release-npm.yml
index acb5167..d6c710e 100644
--- a/.github/workflows/release-npm.yml
+++ b/.github/workflows/release-npm.yml
@@ -35,14 +35,19 @@ jobs:
- { runner: windows-latest, key: win32-x64, target:
x86_64-pc-windows-msvc }
runs-on: ${{ matrix.runner }}
steps:
+ # checkout must run first: the steps below use local composite actions
+ # (referenced by in-repo relative path) that live in this repository.
+ # The apache org action allowlist blocks third-party actions such as
+ # dtolnay/rust-toolchain and ilammy/setup-nasm, so they are reimplemented
+ # under .github/actions and used via ./.github/actions/<name>.
- uses: actions/checkout@v4
- - uses: dtolnay/rust-toolchain@stable
+ - uses: ./.github/actions/setup-rust-toolchain
with:
targets: ${{ matrix.target }}
# The crate builds OpenSSL from source (openssl `vendored`); on Windows
that
# needs NASM + Perl (Perl ships on the windows runner).
- if: runner.os == 'Windows'
- uses: ilammy/setup-nasm@v1
+ uses: ./.github/actions/setup-nasm
- uses: actions/setup-node@v4
with:
node-version: 20
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]