A vulnerability in GitHub Actions handlers allowed packages in Nixpkgs to be compromised.

Vulnerabilities have been disclosed in the GitHub Actions handlers that are invoked when pull requests are sent to the Nixpkgs package repository, which is used by the NixOS distribution and the Nix package manager ecosystem. The vulnerability allowed an unauthorized user to extract a token granting read and write access to the source code of all packages hosted in Nixpkgs. This token allowed any package to be changed directly through the project's Git repository, bypassing the review and approval processes.

The ability to compromise Nixpkgs and insert arbitrary code into any package was demonstrated by security researchers last October at the NixCon conference and was promptly fixed in the project's infrastructure. However, the details of the attack were disclosed only a year later. The problem was related to the use of GitHub Actions handlers in the Nixpkgs GitHub repository that were bound to the "pull_request_target" event and performed automated checks on new pull requests.

Unlike the "pull_request" event, handlers bound to "pull_request_target" are given read/write access to the build environment, which requires special care when working with data supplied in a pull request. One of the handlers bound to "pull_request_target" validated the "OWNERS" file supplied in the pull request by building and invoking the codeowners-validator utility:

    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf
        with:
          ref: refs/pull/$/merge
          path: -prVlidator base
      - run: result/bin/codeowners-validator
        env:
          OWNERS_FILE: pr/ci/OWNERS

The problem was that if the OWNERS file was malformed, the codeowners-validator utility printed the contents of the offending line to the standard, publicly accessible log. The attack consisted of placing a symbolic link named OWNERS in the pull request, pointing to the ".credentials" file, where credentials are stored in the build environment. As a result, processing this file produced an error, and the first line, which contained the repository access token, was printed to the public log.


In addition, another vulnerability was found in the handler that checks editorconfig rules:

    steps:
      - name: Get list of changed files from PR
        run: gh api […] | jq [ … ] > "$HOME/changed_files"
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
        with:
          ref: refs/pull/$/merge
      - name: Checking EditorConfig
        run: cat "$HOME/changed_files" | xargs -r editorconfig-checker

In this case, the problem was the use of the "xargs" utility to run editorconfig-checker on each file in the pull request. Because file names were not validated, an attacker could include in the pull request a file whose name contained special characters, which would then be processed as command-line arguments when editorconfig-checker was run. For example, when a file named "--help" was created, editorconfig-checker displayed a hint about the available options.
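An added example (not code from Nixpkgs or from the original article, and not the fix the project applied) showing how a privileged workflow step can vet paths taken from a pull request before a tool sees them, covering both the OWNERS symlink case and the "--help" file name case described above. The function names has_symlink, vet_changed_files and run_checker are hypothetical, and the list file is assumed to hold one repository-relative path per line.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not the Nixpkgs fix).
# Treat every path taken from a pull request as untrusted input.

# has_symlink ROOT REL: succeed if REL or any parent directory under ROOT
# is a symbolic link (the OWNERS -> .credentials trick described above).
has_symlink() {
    p="./$2"
    while [ "$p" != "." ]; do
        [ -L "$1/$p" ] && return 0
        p=$(dirname "$p")
    done
    return 1
}

# vet_changed_files LIST ROOT: LIST holds one repo-relative path per line.
# Prints the paths that are safe to put on a command line, prefixed with
# "./" so that a name such as "--help" can never be parsed as an option.
vet_changed_files() {
    list=$1 root=$2
    while IFS= read -r rel || [ -n "$rel" ]; do
        [ -n "$rel" ] || continue
        case "/$rel/" in
            //*|*/../*) printf 'skip (outside checkout): %s\n' "$rel" >&2
                        continue ;;
        esac
        if has_symlink "$root" "$rel"; then
            printf 'skip (symlink): %s\n' "$rel" >&2
            continue
        fi
        [ -f "$root/$rel" ] || continue   # deleted files, directories
        printf './%s\n' "$rel"
    done < "$list"
}

# run_checker LIST ROOT CMD...: run CMD once per vetted path, from ROOT.
# A read loop is used instead of xargs, so quotes and blanks in a file
# name are not re-split into extra arguments.
run_checker() {
    list=$1 root=$2; shift 2
    vet_changed_files "$list" "$root" | (
        cd "$root" || exit 1
        while IFS= read -r f; do
            "$@" "$f" < /dev/null || exit 1
        done
    )
}
```

In a workflow step this would be called as `run_checker "$HOME/changed_files" . editorconfig-checker`, run from the directory where the pull request was checked out.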

Source: opennet.ru
