Skip to content

Delete diff artifact after use in "Manage PRs" workflow #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 29, 2021
Merged

Delete diff artifact after use in "Manage PRs" workflow #24

merged 1 commit into from
Apr 29, 2021

Conversation

@per1234
Copy link
Contributor

@per1234 per1234 commented Apr 29, 2021

A workflow artifact is used to transfer the PR diff file from the diff job to the parse job. Once the artifact has been downloaded by the parse job, it no longer serves any purpose.

It's possible the artifact might serve as a vector for exporting secrets from the workflow. Even though I don't have any specific reasons to believe it is possible to cause secrets to be written to the artifact and the repository doesn't currently have any secrets beyond GITHUB_TOKEN, nor need for any, it's still best to remove the unnecessary artifact.

We have been using the geekyeggo/delete-artifact action with good success in the arduino/arduino-ide repository for some time now: https://github.com/arduino/arduino-ide/blob/0dd1e/.github/workflows/build.yml#L232

Demo: per1234#38
(note lack of artifact here: https://github.com/per1234/library-registry/runs/2463658819)

@per1234
Delete diff artifact after use in "Manage PRs" workflow
f678a3a 
A workflow artifact is used to transfer the PR diff file from the `diff` job to the `parse` job. Once the artifact has
been downloaded by the `parse` job, it no longer serves any purpose.

It's possible the artifact might serve as a vector for exporting secrets from the workflow. Even though I don't have any
specific reasons to believe it is possible to cause secrets to be written to the artifact and the repository doesn't
currently have any secrets beyond `GITHUB_TOKEN`, nor need for any, it's still best to remove the unnecessary artifact.
@per1234 per1234 added type: enhancement Proposed improvement topic: code Related to content of the project itself labels Apr 29, 2021
@per1234 per1234 requested review from silvanocerza and umbynos April 29, 2021 04:49
@github-actions
Copy link
Contributor

github-actions bot commented Apr 29, 2021

Hi @per1234.
Your pull request has been detected as something other than a Library Manager submission.
A maintainer will need to review it before it can be merged.

If you intended to submit a library, please check the instructions and update your pull request if necessary:
https://github.com/arduino/library-registry/blob/main/README.md#instructions

@github-actions github-actions bot added other and removed topic: code Related to content of the project itself type: enhancement Proposed improvement labels Apr 29, 2021
@per1234 per1234 merged commit 2d3f6dc into main Apr 29, 2021
@per1234 per1234 deleted the delete-artifact branch April 29, 2021 08:36
@rsora rsora added the topic: other Something other than a library list request label Sep 22, 2021
@per1234 per1234 removed the other label Oct 20, 2021
@per1234 per1234 self-assigned this Nov 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@umbynos umbynos Awaiting requested review from umbynos

1 more reviewer

@silvanocerza silvanocerza silvanocerza approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@per1234 per1234

Labels

topic: other Something other than a library list request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@per1234 @silvanocerza @rsora