From abc1caacc9059a1c6f1a246bd6f5c1ea7152d5ed Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 21:53:42 +0300 Subject: [PATCH 01/19] FEAT: Updates - updated cacert.pem --- CHANGELOG.md | 6 ++++++ src/cacert.pem | 51 ++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fc5f90a..076ce63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Security +## [2.3.2] - 2024-06-08 + +### Changed + +- Updated cacert.pem + ## [2.3.1] - 2024-01-03 ### Added diff --git a/src/cacert.pem b/src/cacert.pem index d8fda7d..f78a610 100644 --- a/src/cacert.pem +++ b/src/cacert.pem @@ -1,7 +1,7 @@ ## ## Bundle of CA Root Certificates ## -## Certificate data from Mozilla as of: Tue Dec 12 04:12:04 2023 GMT +## Certificate data from Mozilla as of: Mon Mar 11 15:25:27 2024 GMT ## ## This is a bundle of X.509 certificates of public Certificate Authorities ## (CA). These were automatically extracted from Mozilla's root certificates @@ -14,7 +14,7 @@ ## Just configure this file as the SSLCACertificateFile. ## ## Conversion done with mk-ca-bundle.pl version 1.29. -## SHA256: 1970dd65858925d68498d2356aea6d03f764422523c5887deca8ce3ba9e1f845 +## SHA256: 4d96bd539f4719e9ace493757afbe4a23ee8579de1c97fbebc50bba3c12e8c1e ## 
@@ -3532,3 +3532,50 @@ dVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670v64fG9PiO/yzcnMcmyiQ iRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjlP1v9mxnhMUF6cKojawHhRUzN lM47ni3niAIi9G7oyOzWPPO5std3eqx7 -----END CERTIFICATE----- + +Telekom Security TLS ECC Root 2020 +================================== +-----BEGIN CERTIFICATE----- +MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQGEwJE +RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJUZWxl +a29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIwMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIz +NTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkg +R21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqG +SM49AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/OtdKPD/M1 +2kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDPf8iAC8GXs7s1J8nCG6NC +MEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6fMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZ +Mo7k+5Dck2TOrbRBR2Diz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdU +ga/sf+Rn27iQ7t0l +-----END CERTIFICATE----- + +Telekom Security TLS RSA Root 2023 +================================== +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBjMQswCQYDVQQG +EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJU +ZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAyMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMy +NzIzNTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJp +dHkgR21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9cUD/h3VC +KSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHVcp6R+SPWcHu79ZvB7JPP +GeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMAU6DksquDOFczJZSfvkgdmOGjup5czQRx +UX11eKvzWarE4GC+j4NSuHUaQTXtvPM6Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWo 
+l8hHD/BeEIvnHRz+sTugBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9 +FIS3R/qy8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73Jco4v +zLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg8qKrBC7m8kwOFjQg +rIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8rFEz0ciD0cmfHdRHNCk+y7AO+oML +KFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7S +WWO/gLCMk3PLNaaZlSJhZQNg+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUtqeXgj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2 +p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQpGv7qHBFfLp+ +sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm9S3ul0A8Yute1hTWjOKWi0Fp +kzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErwM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy +/SKE8YXJN3nptT+/XOR0so8RYgDdGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4 +mZqTuXNnQkYRIer+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtz +aL1txKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+w6jv/naa +oqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aKL4x35bcF7DvB7L6Gs4a8 +wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE +HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0 +o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A= +-----END CERTIFICATE----- From a7d9d8f8a640be180dad375f265e478eacfd0ae6 Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 22:00:23 +0300 Subject: [PATCH 02/19] FEAT: DevOps - updated docker-compose.yml --- docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cb2765b..93ab66d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.8' - name: geonames-client services: From d5ecc647ecd519281633ccdc995c6ff5176cf9fc Mon Sep 17 00:00:00 2001 
From: Aternus Date: Sat, 8 Jun 2024 22:08:21 +0300 Subject: [PATCH 03/19] FEAT: DevOps - updated GitHub workflow actions to node.js v20 --- .github/workflows/shared-lint.yml | 2 +- .github/workflows/shared-test.yml | 4 ++-- .github/workflows/validate.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/shared-lint.yml b/.github/workflows/shared-lint.yml index ede89f4..530a7a1 100644 --- a/.github/workflows/shared-lint.yml +++ b/.github/workflows/shared-lint.yml @@ -22,7 +22,7 @@ jobs: runs-on: ${{ inputs.operating-system }} steps: - name: "Checkout" - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: "Setup PHP" uses: shivammathur/setup-php@v2 with: diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index 8252af2..01550a0 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml @@ -31,7 +31,7 @@ jobs: name: "PHP ${{ matrix.php }} on ${{ matrix.os }}" steps: - name: "Checkout" - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: "Setup PHP" uses: shivammathur/setup-php@v2 with: @@ -39,7 +39,7 @@ jobs: extensions: ${{ join(fromJson(inputs.php-extensions), ',') }} - name: "Composer: Cache packages" id: composer-cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: vendor key: ${{ matrix.os }}-php-${{ matrix.php }}-${{ hashFiles('**/composer.json') }} diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ca49e32..3bf689a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -18,7 +18,7 @@ jobs: versions: ${{ steps.php-info-matrix.outputs.version }} lowest-version: ${{ steps.php-info-matrix.outputs.lowest }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - id: php-info-matrix uses: WyriHaximus/github-action-composer-php-versions-in-range@v1 From 566fe225a2058eb1c79c25285f0f9aa6630acc9a Mon Sep 17 00:00:00 2001 
From: Aternus Date: Sat, 8 Jun 2024 23:04:52 +0300 Subject: [PATCH 04/19] FEAT: DevOps - test direct use of secrets --- .github/workflows/shared-test.yml | 10 ++++++---- .github/workflows/validate.yml | 3 +-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index 01550a0..dd96a47 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml @@ -15,14 +15,16 @@ on: type: string required: true description: "JSON array of PHP extensions" - secrets: - geonames-username: - required: true + use-secure-environment: + type: boolean + required: false + default: false + description: "Whether to use the secure environment" jobs: test: env: - GEONAMES_USERNAME: ${{ secrets.geonames-username }} + GEONAMES_USERNAME: ${{ secrets.GEONAMES_USERNAME }} strategy: matrix: os: ${{ fromJson(inputs.operating-systems) }} diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 3bf689a..ee436d9 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -44,5 +44,4 @@ jobs: operating-systems: '["ubuntu-latest", "macos-latest", "windows-latest"]' php-versions: ${{ needs.get-php-info.outputs.versions }} php-extensions: ${{ needs.get-php-info.outputs.extensions }} - secrets: - geonames-username: ${{ secrets.GEONAMES_USERNAME }} + use-secure-environment: ${{ github.event.pull_request.head.repo.full_name != github.repository }} From 9d7d05045f9f13865f8f6b07e634415b82195c82 Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 23:16:09 +0300 Subject: [PATCH 05/19] FEAT: DevOps - test forks wip --- .github/workflows/shared-test.yml | 6 +++++- .github/workflows/validate.yml | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index dd96a47..bc8b38d 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml 
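Review bot: The `use-secure-environment` input added in the `@@ -15,14 +15,16 @@` hunk of shared-test.yml is declared but nothing in the visible `test` job reads it, so the fork check computed in validate.yml (`github.event.pull_request.head.repo.full_name != github.repository`) has no effect on how the job runs; it is still unread in the next commit's `@@ -20,11 +20,15 @@` hunk. The same hunk switches to `secrets.GEONAMES_USERNAME` while removing the `secrets:` declaration, but a workflow invoked through `workflow_call` only sees secrets the caller passes explicitly or with `secrets: inherit`, and the caller hunk now passes neither, so the variable will most likely be empty. Either keep the declared `geonames-username` secret or add `secrets: inherit` to the calling job, and wire the boolean into something enforceable such as a protected `environment:`. The `test` job continues outside the hunk, so a later use of the input cannot be ruled out from here.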
@@ -20,11 +20,15 @@ on: required: false default: false description: "Whether to use the secure environment" + secrets: + geonames-username: + required: true jobs: test: env: - GEONAMES_USERNAME: ${{ secrets.GEONAMES_USERNAME }} + GEONAMES_USERNAME: ${{ secrets.geonames-username }} + environment: test-forks strategy: matrix: os: ${{ fromJson(inputs.operating-systems) }} diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ee436d9..426a761 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -45,3 +45,5 @@ jobs: php-versions: ${{ needs.get-php-info.outputs.versions }} php-extensions: ${{ needs.get-php-info.outputs.extensions }} use-secure-environment: ${{ github.event.pull_request.head.repo.full_name != github.repository }} + secrets: + geonames-username: ${{ secrets.GEONAMES_USERNAME }} From 2870fc08454fe353e970de0346c6600d5fe56474 Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 23:22:07 +0300 Subject: [PATCH 06/19] FEAT: DevOps - test forks wip --- .github/workflows/shared-test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index bc8b38d..d135e70 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml @@ -28,7 +28,6 @@ jobs: test: env: GEONAMES_USERNAME: ${{ secrets.geonames-username }} - environment: test-forks strategy: matrix: os: ${{ fromJson(inputs.operating-systems) }} From 7562765cae3675f8e9a6002c0c1bc41be68d0290 Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 23:22:48 +0300 Subject: [PATCH 07/19] FEAT: DevOps - switched to pull_request_target trigger --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 426a761..0a4ac93 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml 
@@ -1,7 +1,7 @@ name: "validate" on: - pull_request: + pull_request_target: branches: [ "master" ] push: branches: [ "master" ] From ea04258cad8a2e63c9c2d351213f33df0f4d4e6b Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 23:26:40 +0300 Subject: [PATCH 08/19] FEAT: DevOps - removed unused code --- .github/workflows/shared-test.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index d135e70..01550a0 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml @@ -15,11 +15,6 @@ on: type: string required: true description: "JSON array of PHP extensions" - use-secure-environment: - type: boolean - required: false - default: false - description: "Whether to use the secure environment" secrets: geonames-username: required: true From 14969c0219580d4a3806ebe2c5d1bf939e1a038a Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 23:27:07 +0300 Subject: [PATCH 09/19] FEAT: DevOps - removed unused code --- .github/workflows/validate.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 0a4ac93..157c68b 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -44,6 +44,5 @@ jobs: operating-systems: '["ubuntu-latest", "macos-latest", "windows-latest"]' php-versions: ${{ needs.get-php-info.outputs.versions }} php-extensions: ${{ needs.get-php-info.outputs.extensions }} - use-secure-environment: ${{ github.event.pull_request.head.repo.full_name != github.repository }} secrets: geonames-username: ${{ secrets.GEONAMES_USERNAME }} From 10b22756d3ed4772639a93a0eaf5ab8619fe55c8 Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 23:31:11 +0300 Subject: [PATCH 10/19] FEAT: DevOps - added changes --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 076ce63..c19144d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
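Review bot: Switching the trigger to `pull_request_target` in validate.yml changes the trust context of every job below it, and nothing in this hunk narrows that: runs for fork pull requests now use the base branch's workflow with repository secrets and the default `GITHUB_TOKEN` permissions available. I would add a top-level `permissions:` block with `contents: read` and a comment above the trigger such as `# pull_request_target: runs with secrets; never execute PR-head code without an approval gate`. Without an explicit `ref`, `actions/checkout` under this trigger checks out the base branch, so at this commit the tests do not exercise the pull request's changes at all. The trigger is reintroduced in patches 16, 17 and 19, where the same point applies; the rest of the workflow lies outside the hunk.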
@@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Updated cacert.pem +- Allow access to env variables for forks ## [2.3.1] - 2024-01-03 From 3f0731668b42c0604b15a0f6d7ae74a36bfcb57f Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 23:35:41 +0300 Subject: [PATCH 11/19] FEAT: DevOps - fixed target rules --- .github/workflows/validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 157c68b..f471559 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -2,6 +2,7 @@ name: "validate" on: pull_request_target: + types: ["opened", "synchronize", "reopened"] branches: [ "master" ] push: branches: [ "master" ] From 5731181ce4efc090cd5ba51ae13367f717a8a18f Mon Sep 17 00:00:00 2001 From: Aternus Date: Sat, 8 Jun 2024 23:38:59 +0300 Subject: [PATCH 12/19] FEAT: DevOps - fixed target rules --- .github/workflows/validate.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index f471559..3bf689a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,8 +1,7 @@ name: "validate" on: - pull_request_target: - types: ["opened", "synchronize", "reopened"] + pull_request: branches: [ "master" ] push: branches: [ "master" ] From 306b78357212598e5c8053201f4a997347bd284a Mon Sep 17 00:00:00 2001 From: Aternus Date: Sun, 9 Jun 2024 08:50:22 +0300 Subject: [PATCH 13/19] FEAT: DevOps - added user permissions check --- .editorconfig | 4 ++++ .github/workflows/shared-test.yml | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/.editorconfig b/.editorconfig index 9577f49..108fcc7 100644 --- a/.editorconfig +++ b/.editorconfig 
@@ -33,3 +33,7 @@ ij_markdown_min_lines_around_header = 1 ij_markdown_min_lines_between_paragraphs = 1 ij_markdown_wrap_text_if_long = true ij_markdown_wrap_text_inside_blockquotes = true + +[{*.yaml,*.yml}] +indent_size = 2 +ij_yaml_sequence_on_new_line = true diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index 01550a0..9e0ef16 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml @@ -20,7 +20,28 @@ on: required: true jobs: + validate-user-permissions: + runs-on: ubuntu-latest + name: "Validate User Permissions" + steps: + - name: "Get user permissions" + id: userPermissions + uses: actions-cool/check-user-permission@v2 + with: + require: "write" + username: ${{ github.triggering_actor }} + - name: "Check user permissions" + if: steps.userPermissions.outputs.check-result == 'false' + run: | + echo "${{ github.triggering_actor }} does not have permissions on this repo." + echo "Current permission level is ${{ steps.userPermissions.outputs.user-permission }}" + echo "Job originally triggered by ${{ github.actor }}" + exit 1 + + test: + needs: + - validate-user-permissions env: GEONAMES_USERNAME: ${{ secrets.geonames-username }} strategy: From 13db44c007bc1884da2d3ff9c70f6a60727ab457 Mon Sep 17 00:00:00 2001 From: Aternus Date: Sun, 9 Jun 2024 08:58:40 +0300 Subject: [PATCH 14/19] FEAT: DevOps - added user permissions check --- .github/workflows/shared-test.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index 9e0ef16..45afcc2 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml 
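Review bot: The permission gate in the new `validate-user-permissions` job fails open, because the `Check user permissions` step aborts only when `check-result` is exactly `'false'`; an empty or unexpected output lets `test` proceed with the secret. Compare against the positive case instead, `if: steps.userPermissions.outputs.require-result != 'true'`; as far as I recall the action reports the outcome of `require:` in `require-result` and uses `check-result` for its bot/contributor checks, which should be confirmed against the action's README before merging. Since this third-party action now decides who reaches the secret, I would also pin it to a full commit SHA instead of the mutable `@v2` tag, `uses: actions-cool/check-user-permission@<full-commit-sha> # v2`.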
@@ -33,10 +33,12 @@ jobs: - name: "Check user permissions" if: steps.userPermissions.outputs.check-result == 'false' run: | - echo "${{ github.triggering_actor }} does not have permissions on this repo." - echo "Current permission level is ${{ steps.userPermissions.outputs.user-permission }}" - echo "Job originally triggered by ${{ github.actor }}" + echo "${{ github.triggering_actor }} does not have 'write' permission on this repo." + echo "Originally triggered by ${{ github.actor }}" exit 1 + - name: "Audit: user permissions" + run: | + echo "Audit: Execution by ${{ github.triggering_actor }} with ${{ steps.userPermissions.outputs.user-permission }} permissions" test: @@ -53,6 +55,8 @@ jobs: steps: - name: "Checkout" uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} # must validate user permissions PRIOR to checkout ⚠️ - name: "Setup PHP" uses: shivammathur/setup-php@v2 with: From 71cdd27c4ae4d7a8ce7d1bec94c14a40c4d31428 Mon Sep 17 00:00:00 2001 From: Aternus Date: Sun, 9 Jun 2024 09:07:48 +0300 Subject: [PATCH 15/19] FEAT: DevOps - fixed ref value --- .github/workflows/shared-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index 45afcc2..20fd7df 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml @@ -56,7 +56,7 @@ jobs: - name: "Checkout" uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.sha }} # must validate user permissions PRIOR to checkout ⚠️ + ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} # must validate user permissions PRIOR to checkout ⚠️ - name: "Setup PHP" uses: shivammathur/setup-php@v2 with: From 86ed059ca11f1add833d5ed86d5540355834f6d6 Mon Sep 17 00:00:00 2001 
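Review bot: The `run:` scripts of `Check user permissions` and the new `Audit: user permissions` step splice `${{ ... }}` expressions straight into shell text, including `steps.userPermissions.outputs.user-permission`, which is produced by a third-party action. Expressions are expanded before the shell parses the script, so the values should travel through the step's `env:` instead: `ACTOR: ${{ github.triggering_actor }}` and `LEVEL: ${{ steps.userPermissions.outputs.user-permission }}`, then `echo "Audit: Execution by $ACTOR with $LEVEL permissions"`. The echo lines introduced in patch 13 follow the same pattern and would get the same treatment.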
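Review bot: The `ref:` added to the `Checkout` step makes the `test` job fetch the pull request's head commit in a job whose environment holds `GEONAMES_USERNAME`, and the only barrier is `needs: validate-user-permissions`, which looks at `github.triggering_actor` rather than at where the code came from. I would add `persist-credentials: false` under `with:` so the checked-out tree cannot reuse the workflow token, and move the warning from the trailing comment to its own line above the step, e.g. `# SECURITY: checks out untrusted PR-head code; this job must stay behind validate-user-permissions`. The step list continues outside the hunk, so what the later steps do with the checked-out code is not visible here.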
From: Aternus Date: Sun, 9 Jun 2024 09:16:43 +0300 Subject: [PATCH 16/19] FEAT: DevOps - test --- .github/workflows/validate.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 3bf689a..136b45c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,8 +1,9 @@ name: "validate" on: - pull_request: + pull_request_target: branches: [ "master" ] + types: [ "opened", "synchronize", "reopened", "ready_for_review" ] push: branches: [ "master" ] From bd41f32485db9211926906746a1ef13cb3ff8bca Mon Sep 17 00:00:00 2001 From: Aternus Date: Sun, 9 Jun 2024 09:21:30 +0300 Subject: [PATCH 17/19] FEAT: DevOps - test --- .github/workflows/validate.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 136b45c..7e1fdd3 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,6 +1,8 @@ name: "validate" on: + pull_request: + branches: [ "master" ] pull_request_target: branches: [ "master" ] types: [ "opened", "synchronize", "reopened", "ready_for_review" ] From c7d82fbe0b02724663f1d724ba675835c1f1700e Mon Sep 17 00:00:00 2001 From: Aternus Date: Sun, 9 Jun 2024 09:40:17 +0300 Subject: [PATCH 18/19] FEAT: DevOps - test --- .github/workflows/validate.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 7e1fdd3..3bf689a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -3,9 +3,6 @@ name: "validate" on: pull_request: branches: [ "master" ] - pull_request_target: - branches: [ "master" ] - types: [ "opened", "synchronize", "reopened", "ready_for_review" ] push: branches: [ "master" ] From 301bd4859b185d487a40e7bd2a3868125802ad93 Mon Sep 17 00:00:00 2001 
From: Aternus Date: Sun, 9 Jun 2024 10:04:37 +0300 Subject: [PATCH 19/19] FEAT: DevOps - test --- .github/workflows/shared-test.yml | 2 +- .github/workflows/validate.yml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shared-test.yml b/.github/workflows/shared-test.yml index 20fd7df..a9c5244 100644 --- a/.github/workflows/shared-test.yml +++ b/.github/workflows/shared-test.yml @@ -56,7 +56,7 @@ jobs: - name: "Checkout" uses: actions/checkout@v4 with: - ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} # must validate user permissions PRIOR to checkout ⚠️ + ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }} # must validate user permissions PRIOR to checkout ⚠️ - name: "Setup PHP" uses: shivammathur/setup-php@v2 with: diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 3bf689a..59f13e8 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,8 +1,9 @@ name: "validate" on: - pull_request: + pull_request_target: branches: [ "master" ] + types: [ "opened", "closed", "synchronize", "ready_for_review" ] push: branches: [ "master" ]
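Review bot: Adding `closed` to `types` in validate.yml means the workflow also runs when a maintainer closes or merges a fork's pull request, and in that run `github.triggering_actor` should be the maintainer, so the write-permission gate in shared-test.yml passes while the `ref:` expression still selects the fork's head commit. The gate then authorises the person who acted, not the code that executes. `closed` also appears to have replaced `reopened` from patch 16, which may be unintended; I would restore `types: [ "opened", "synchronize", "reopened", "ready_for_review" ]`. Beyond that, bind the decision to the code's origin, for example with a protected `environment:` requiring reviewers whenever `github.event.pull_request.head.repo.full_name != github.repository`.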