chore(ci): Ensure docs-gen workflow are not vulnerable to injection attacks (#6100)
This commit is contained in:
Seth Vargo
GitHub
parent
431a312d4d
commit
9912577a2b
|
|
@ -4,8 +4,8 @@ labels: ['kind/bug', 'status/need-triage']
|
||||||
body:
|
body:
|
||||||
- type: markdown
|
- type: markdown
|
||||||
attributes:
|
attributes:
|
||||||
value: |
|
value: |-
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> Thanks for taking the time to fill out this bug report!
|
> Thanks for taking the time to fill out this bug report!
|
||||||
>
|
>
|
||||||
> Please search **[existing issues](https://github.com/google-gemini/gemini-cli/issues)** to see if an issue already exists for the bug you encountered.
|
> Please search **[existing issues](https://github.com/google-gemini/gemini-cli/issues)** to see if an issue already exists for the bug you encountered.
|
||||||
|
|
@ -30,7 +30,7 @@ body:
|
||||||
attributes:
|
attributes:
|
||||||
label: Client information
|
label: Client information
|
||||||
description: Please paste the full text from the `/about` command run from Gemini CLI. Also include which platform (macOS, Windows, Linux).
|
description: Please paste the full text from the `/about` command run from Gemini CLI. Also include which platform (macOS, Windows, Linux).
|
||||||
value: |
|
value: |-
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
```console
|
```console
|
||||||
|
|
|
||||||
|
|
@ -4,8 +4,8 @@ labels: ['kind/enhancement', 'status/need-triage']
|
||||||
body:
|
body:
|
||||||
- type: markdown
|
- type: markdown
|
||||||
attributes:
|
attributes:
|
||||||
value: |
|
value: |-
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> Thanks for taking the time to suggest an enhancement!
|
> Thanks for taking the time to suggest an enhancement!
|
||||||
>
|
>
|
||||||
> Please search **[existing issues](https://github.com/google-gemini/gemini-cli/issues)** to see if a similar feature has already been requested.
|
> Please search **[existing issues](https://github.com/google-gemini/gemini-cli/issues)** to see if a similar feature has already been requested.
|
||||||
|
|
|
||||||
|
|
@ -1,54 +1,50 @@
|
||||||
# Sample workflow for building and deploying a Jekyll site to GitHub Pages
|
name: 'Deploy GitHub Pages'
|
||||||
name: Deploy Jekyll with GitHub Pages dependencies preinstalled
|
|
||||||
|
|
||||||
on:
|
on:
|
||||||
# Runs on pushes targeting the default branch
|
|
||||||
push:
|
push:
|
||||||
tags: 'v*'
|
tags: 'v*'
|
||||||
|
|
||||||
# Allows you to run this workflow manually from the Actions tab
|
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: 'read'
|
||||||
pages: write
|
pages: 'write'
|
||||||
id-token: write
|
id-token: 'write'
|
||||||
|
|
||||||
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
|
# Allow only one concurrent deployment, skipping runs queued between the run
|
||||||
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
|
# in-progress and latest queued. However, do NOT cancel in-progress runs as we
|
||||||
|
# want to allow these production deployments to complete.
|
||||||
concurrency:
|
concurrency:
|
||||||
group: 'pages'
|
group: '${{ github.workflow }}'
|
||||||
cancel-in-progress: false
|
cancel-in-progress: false
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
# This 'if' condition is the key. It ensures the job only runs if the
|
if: |-
|
||||||
# tag name does NOT contain the substring 'nightly'.
|
${{ !contains(github.ref_name, 'nightly') }}
|
||||||
if: "contains(github.ref_name, 'nightly') == false"
|
runs-on: 'ubuntu-latest'
|
||||||
# Build job
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: 'Checkout'
|
||||||
uses: actions/checkout@v4
|
uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5
|
||||||
- name: Setup Pages
|
|
||||||
uses: actions/configure-pages@v5
|
- name: 'Setup Pages'
|
||||||
- name: Build with Jekyll
|
uses: 'actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b' # ratchet:actions/configure-pages@v5
|
||||||
uses: actions/jekyll-build-pages@v1
|
|
||||||
with:
|
- name: 'Build with Jekyll'
|
||||||
source: ./
|
uses: 'actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697' # ratchet:actions/jekyll-build-pages@v1
|
||||||
destination: ./_site
|
with:
|
||||||
- name: Upload artifact
|
source: './'
|
||||||
uses: actions/upload-pages-artifact@v3
|
destination: './_site'
|
||||||
|
|
||||||
|
- name: 'Upload artifact'
|
||||||
|
uses: 'actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa' # ratchet:actions/upload-pages-artifact@v3
|
||||||
|
|
||||||
# Deployment job
|
|
||||||
deploy:
|
deploy:
|
||||||
environment:
|
environment:
|
||||||
name: github-pages
|
name: 'github-pages'
|
||||||
url: ${{ steps.deployment.outputs.page_url }}
|
url: '${{ steps.deployment.outputs.page_url }}'
|
||||||
runs-on: ubuntu-latest
|
runs-on: 'ubuntu-latest'
|
||||||
needs: build
|
needs: 'build'
|
||||||
steps:
|
steps:
|
||||||
- name: Deploy to GitHub Pages
|
- name: 'Deploy to GitHub Pages'
|
||||||
id: deployment
|
id: 'deployment'
|
||||||
uses: actions/deploy-pages@v4
|
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # ratchet:actions/deploy-pages@v4
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue