Apply hot fix to resolve issue with untrusted git repository for `not…
…-owned` checker (#148)
Showing 6 changed files with 46 additions and 12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -132,22 +132,23 @@ Use the following environment variables to configure the application: | |
| <tt>CHECK_FAILURE_LEVEL</tt> | `warning` | Defines the level on which the application should treat check issues as failures. Defaults to `warning`, which treats both errors and warnings as failures, and exits with error code 3. Possible values are `error` and `warning`. | | ||
| <tt>OWNER_CHECKER_REPOSITORY</tt> <b>*</b> | | The owner and repository name separated by slash. For example, gh-codeowners/codeowners-samples. Used to check if GitHub owner is in the given organization. | | ||
| <tt>OWNER_CHECKER_IGNORED_OWNERS</tt> | `@ghost` | The comma-separated list of owners that should not be validated. Example: `"@owner1,@owner2,@org/team1,[email protected]"`. | | ||
| <tt>OWNER_CHECKER_ALLOW_UNOWNED_PATTERNS</tt> | `true` | Specifies whether CODEOWNERS may have unowned files. For example: <br> <br> `/infra/oncall-rotator/ @sre-team` <br> `/infra/oncall-rotator/oncall-config.yml` <br> <br> The `/infra/oncall-rotator/oncall-config.yml` file is not owned by anyone. | | ||
| <tt>OWNER_CHECKER_ALLOW_UNOWNED_PATTERNS</tt> | `true` | Specifies whether CODEOWNERS may have unowned files. For example: <br> <br> `/infra/oncall-rotator/ @sre-team` <br> `/infra/oncall-rotator/oncall-config.yml` <br> <br> The `/infra/oncall-rotator/oncall-config.yml` file is not owned by anyone. | | ||
| <tt>OWNER_CHEKER_OWNERS_MUST_BE_TEAMS</tt> | `false` | Specifies whether only teams are allowed as owners of files. | | ||
| <tt>NOT_OWNED_CHECKER_SKIP_PATTERNS</tt> | - | The comma-separated list of patterns that should be ignored by `not-owned-checker`. For example, you can specify `*` and as a result, the `*` pattern from the **CODEOWNERS** file will be ignored and files owned by this pattern will be reported as unowned unless a later specific pattern will match that path. It's useful because often we have default owners entry at the begging of the CODOEWNERS file, e.g. `* @global-owner1 @global-owner2` | | ||
| <tt>NOT_OWNED_CHECKER_SUBDIRECTORIES</tt> | - | The comma-separated list of subdirectories to check in `not-owned-checker`. When specified, only files in the listed subdirectories will be checked if they do not have specified owners in CODEOWNERS. | | ||
| <tt>NOT_OWNED_CHECKER_SUBDIRECTORIES</tt> | - | The comma-separated list of subdirectories to check in `not-owned-checker`. When specified, only files in the listed subdirectories will be checked if they do not have specified owners in CODEOWNERS. | | ||
| <tt>NOT_OWNED_CHECKER_TRUST_WORKSPACE</tt> | `false` | Specifies whether the repository path should be marked as safe. See: https://github.com/actions/checkout/issues/766. | | ||
|
||
<b>*</b> - Required | ||
|
||
#### Exit status codes | ||
|
||
Application exits with different status codes which allow you to easily distinguish between error categories. | ||
|
||
| Code | Description | | ||
|:-----:|:------------| | ||
| **1** | The application startup failed due to the wrong configuration or internal error. | | ||
| Code | Description | | ||
|:-----:|:------------------------------------------------------------------------------------------| | ||
| **1** | The application startup failed due to the wrong configuration or internal error. | | ||
| **2** | The application was closed because the OS sends a termination signal (SIGINT or SIGTERM). | | ||
| **3** | The CODEOWNERS validation failed - executed checks found some issues. | | ||
| **3** | The CODEOWNERS validation failed - executed checks found some issues. | | ||
|
||
## Contributing | ||
|
||
|
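
Review bot: the new `NOT_OWNED_CHECKER_TRUST_WORKSPACE` row says only that the repository path is "marked as safe" and defers to a link, so a reader cannot tell from the README which check is being relaxed or when enabling it is appropriate. Describe in the row itself what the option changes and in which setups it is meant to be turned on, keeping the link as a reference. The row also lists the default as `false`, while `action.yml` in this same commit sets `default: "true"` for `not_owned_checker_trust_workspace`; add a sentence that the GitHub Action enables the option by default, so the table is not read as describing the Action's behaviour.
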
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -44,23 +44,28 @@ inputs: | |
default: "${{ github.repository }}" | ||
|
||
owner_checker_ignored_owners: | ||
description: "The comma-separated list of owners that should not be validated. Example: @owner1,@owner2,@org/team1,[email protected]." | ||
description: "The comma-separated list of owners that should not be validated. Example: @owner1,@owner2,@org/team1,[email protected]." | ||
required: false | ||
|
||
owner_checker_allow_unowned_patterns: | ||
description: "Specifies whether CODEOWNERS may have unowned files. For example, `/infra/oncall-rotator/oncall-config.yml` doesn't have owner and this is not reported." | ||
description: "Specifies whether CODEOWNERS may have unowned files. For example, `/infra/oncall-rotator/oncall-config.yml` doesn't have owner and this is not reported." | ||
default: "true" | ||
required: false | ||
|
||
owner_checker_owners_must_be_teams: | ||
description: "Specifies whether only teams are allowed as owners of files." | ||
description: "Specifies whether only teams are allowed as owners of files." | ||
default: "false" | ||
required: false | ||
|
||
not_owned_checker_subdirectories: | ||
description: "Only check listed subdirectories for CODEOWNERS ownership that don't have owners." | ||
description: "Only check listed subdirectories for CODEOWNERS ownership that don't have owners." | ||
required: false | ||
|
||
not_owned_checker_trust_workspace: | ||
description: "Specifies whether the repository path should be marked as safe. See: https://github.com/actions/checkout/issues/766" | ||
required: false | ||
default: "true" | ||
|
||
runs: | ||
using: 'docker' | ||
image: 'docker://ghcr.io/mszostok/codeowners-validator:v0.7.3' | ||
|
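
Review bot: `not_owned_checker_trust_workspace` ships with `default: "true"`, so every workflow using the Action has its workspace marked as safe without opting in, and this differs from the `false` default the README documents for `NOT_OWNED_CHECKER_TRUST_WORKSPACE`. If the opt-out default is intended for the Action, state that and the reason in the `description`; otherwise default to "false" and let users enable it. Two smaller points: the new input puts `required` before `default`, the reverse of the neighbouring inputs, and the `image` line is still pinned to `v0.7.3`, so confirm that this tag contains the code that reads the setting, otherwise the input has no effect.
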