Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(github): add --ignore-scripts to lerna publish - some are failing #3330

Merged
merged 1 commit into from
Jun 19, 2024
Merged

ci(github): add --ignore-scripts to lerna publish - some are failing #3330

merged 1 commit into from
Jun 19, 2024

Conversation

petermetz
Copy link
Member

  1. Longer term we'll just fix the scripts that are crashing, but right now
    as a short term solution I disabled the script execution.
  2. It might even be more secure for us to use this ignore scripts flag
    permanently because some of the attack vectors are in those scripts which
    new versions of the dependencies can execute arbitrary code.

Signed-off-by: Peter Somogyvari peter.somogyvari@accenture.com

Pull Request Requirements

  • Rebased onto upstream/main branch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why.
  • Have git sign off at the end of commit message to avoid being marked red. You can add -s flag when using git commit command. You may refer to this link for more information.
  • Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

  • Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
  • Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.

@petermetz petermetz enabled auto-merge (rebase) June 18, 2024 16:56
@petermetz
Copy link
Member Author

2024-06-18T16-25-18-cacti-nodejs-publish-failure.log

@petermetz
ci(github): add --ignore-scripts to lerna publish - some are failing
1fd4049 
1. Longer term we'll just fix the scripts that are crashing, but right now
as a short term solution I disabled the script execution.
2. It might even be more secure for us to use this ignore scripts flag
permanently because some of the attack vectors are in those scripts which
new versions of the dependencies can execute arbitrary code.

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
@petermetz petermetz force-pushed the ci-npm-publish-ignore-scripts branch from ac0f1b5 to 1fd4049 Compare June 19, 2024 13:38
@petermetz petermetz merged commit 2c3bf5b into hyperledger:main Jun 19, 2024
147 of 150 checks passed
@petermetz petermetz deleted the ci-npm-publish-ignore-scripts branch June 19, 2024 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@outSH outSH outSH approved these changes

@jagpreetsinghsasan jagpreetsinghsasan jagpreetsinghsasan approved these changes

@takeutak takeutak Awaiting requested review from takeutak takeutak is a code owner

@izuru0 izuru0 Awaiting requested review from izuru0 izuru0 is a code owner

@VRamakrishna VRamakrishna Awaiting requested review from VRamakrishna VRamakrishna is a code owner

@sandeepnRES sandeepnRES Awaiting requested review from sandeepnRES sandeepnRES is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@petermetz @outSH @jagpreetsinghsasan