Skip to content

Fixes CVE-2024-32489 in tecnickcom/tcpdf #7942

Fixes CVE-2024-32489 in tecnickcom/tcpdf

Fixes CVE-2024-32489 in tecnickcom/tcpdf #7942

Workflow file for this run

name: Build Vue files
on:
pull_request:
types: [synchronize, opened]
permissions:
actions: read
checks: none
contents: write
deployments: none
issues: write
packages: none
pull-requests: write
repository-projects: none
security-events: none
statuses: none
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Detect branch for PR
id: vars
run: |
PR="${{ github.event.pull_request.number }}"
PR_INFO=$( curl \
--request GET \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
--header 'content-type: application/json' \
--url https://api.github.com/repos/$GITHUB_REPOSITORY/pulls/$PR )
REF=$(echo "${PR_INFO}" | jq -r .head.ref)
BASE=$(echo "${PR_INFO}" | jq -r .head.repo.full_name)
STATE=$(echo "${PR_INFO}" | jq -r .state)
BASE_SHA=$(echo "${PR_INFO}" | jq -r .base.sha)
if [[ $STATE == "closed" ]]
then
echo "Pull Request already closed."
exit 0;
fi
echo "islocalbranch=$(expr $BASE == $GITHUB_REPOSITORY)" >> $GITHUB_OUTPUT
echo "branch=$REF" >> $GITHUB_OUTPUT
echo "base=$BASE_SHA" >> $GITHUB_OUTPUT
- uses: actions/checkout@v4
with:
lfs: false
persist-credentials: false
if: steps.vars.outputs.branch != ''
- name: Check vue changes
id: vuecheck
run: |
git fetch --depth=1 origin ${{ steps.vars.outputs.base }}
VUE_FILES_MODIFIED=$(git diff --name-only ${{ steps.vars.outputs.base }} -- plugins/*/vue/**/* plugins/CoreVue/types package-lock.json | wc -l)
if [[ $VUE_FILES_MODIFIED == "0" ]]
then
echo "No vue files modified"
exit 0;
fi
echo "vue_modified=1" >> $GITHUB_OUTPUT
if: steps.vars.outputs.branch != ''
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.0'
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: '16'
cache: 'npm'
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- run: npm install
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- name: Get composer cache directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- name: Cache dependencies
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: ${{ runner.os }}-composer-
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- name: Install dependencies
run: composer install --prefer-dist
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- name: Quick Matomo Install
run: |
cat <<-EOF > ./config/config.ini.php
[General]
always_load_commands_from_plugin=CoreVue
[Development]
enabled = 1
EOF
cat ./config/config.ini.php
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- name: Prepare git config
run: |
cat <<- EOF > $HOME/.netrc
machine github.com
login $GITHUB_ACTOR
password $GITHUB_TOKEN
machine api.github.com
login $GITHUB_ACTOR
password $GITHUB_TOKEN
EOF
chmod 600 $HOME/.netrc
git config --global user.email "[email protected]"
git config --global user.name "$GITHUB_ACTOR"
git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/$GITHUB_REPOSITORY
if [[ ${{ steps.vars.outputs.islocalbranch }} ]]
then
git fetch --depth=1 origin $BRANCH_NAME
git checkout $BRANCH_NAME
fi
env:
BRANCH_NAME: ${{ steps.vars.outputs.branch }}
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- name: Build Vue Modules
run: php ./console vue:build
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- name: Push changes
id: push
run: |
if [[ $( git diff --numstat plugins/*/vue/dist/*.js ) ]]
then
if [[ ! ${{ steps.vars.outputs.islocalbranch }} ]]
then
echo "It's only possible to update local branches automatically. Adding a comment instead."
echo "failure=1" >> $GITHUB_OUTPUT
else
cd $GITHUB_WORKSPACE
git add plugins/*/vue/dist/*.js plugins/*/vue/dist/*.json
git commit -m "Build vue files"
git push
fi
fi
if: steps.vars.outputs.branch != '' && steps.vuecheck.outputs.vue_modified == '1'
- uses: actions/github-script@v6
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'Vue files are not up to date. Please build the files using `./console vue:build` locally and push them to your branch.'
})
if: steps.push.outputs.failure == '1'
- name: Fail if not up to date
run: exit 1
if: steps.push.outputs.failure == '1'