From f141760066406690a7f54a23762e3d146ea0d721 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sat, 12 Oct 2024 15:39:17 +0200 Subject: [PATCH 1/6] Fix a typos (#257) --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c43232d..10bb9e1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -133,7 +133,7 @@ jobs: debug: true continue-on-error: true - # Explictly check the exit code of the previous step + # Explicitly check the exit code of the previous step # as it's expected to fail - name: Check failIfEmpty if: steps.fail_if_empty_test.outcome != 'failure' From 71a38a3bd757f6306a6c14206219391d4e5807ed Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 13 Oct 2024 18:49:43 +0200 Subject: [PATCH 2/6] Document and use correct permissions in the GitHub workflows (#258) When the intention is to potentially create a new GitHub issue, the workflows in question need to set the permissions correctly. Otherwise the workflow runs may fail with: Error: Resource not accessible by integration which is an admittedly _very_ cryptic way to say that the `GITHUB_TOKEN` used in the GitHub workflow run lacks a particular scope to perform the desired operation. Note: The `GITHUB_TOKEN` used to have read/write permissions for all scopes by default, but that changed to read-only as per https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only; That is the reason why this here change is necessary. This fixes https://github.com/lycheeverse/lychee-action/issues/194 Signed-off-by: Johannes Schindelin --- .github/workflows/links.yml | 2 ++ README.md | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index 7c9d02a..1f078fe 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -9,6 +9,8 @@ on: jobs: linkChecker: runs-on: ubuntu-latest + permissions: + issues: write # required for peter-evans/create-issue-from-file steps: - uses: actions/checkout@v4 diff --git a/README.md b/README.md index e974111..62d77bc 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Quickly check links in Markdown, HTML, and text files using [lychee]. When used in conjunction with [Create Issue From File], issues will be -opened when the action finds link problems. +opened when the action finds link problems (make sure to specify the `issues: write` permission in the [workflow](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions) or the [job](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions)). ## Usage @@ -27,6 +27,8 @@ on: jobs: linkChecker: runs-on: ubuntu-latest + permissions: + issues: write # required for peter-evans/create-issue-from-file steps: - uses: actions/checkout@v4 From 762333c18963fc10db515e32000e2e4dbcb11f5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Mond=C3=A9jar=20Rubio?= Date: Mon, 14 Oct 2024 02:52:01 +0200 Subject: [PATCH 3/6] Create SECURITY.md (#259) --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..544d785 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,5 @@ +# Security Policy + +## Reporting a Vulnerability + +To report a vulnerability in lychee-action, [open a private vulnerability report](https://github.com/lycheeverse/lychee-action/advisories/new) and you can create a patch on a private fork or, after reporting the problem, our maintainers will fix it as soon as possible. From 8ad54d3568ac3176a9fb57a0233cf04410b55cde Mon Sep 17 00:00:00 2001 From: Matthias Endler Date: Mon, 14 Oct 2024 02:55:45 +0200 Subject: [PATCH 4/6] fix link --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 544d785..71b0afe 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,4 +2,4 @@ ## Reporting a Vulnerability -To report a vulnerability in lychee-action, [open a private vulnerability report](https://github.com/lycheeverse/lychee-action/advisories/new) and you can create a patch on a private fork or, after reporting the problem, our maintainers will fix it as soon as possible. +To report a vulnerability in lychee-action, [open a private vulnerability report](https://github.com/lycheeverse/lychee-action/security/advisories/new) and you can create a patch on a private fork or, after reporting the problem, our maintainers will fix it as soon as possible. From 7cd0af4c74a61395d455af97419279d86aafaede Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Mond=C3=A9jar=20Rubio?= Date: Mon, 14 Oct 2024 10:11:58 +0200 Subject: [PATCH 5/6] Merge commit from fork --- action.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/action.yml b/action.yml index 97f42ec..9402faa 100644 --- a/action.yml +++ b/action.yml @@ -65,17 +65,17 @@ runs: id: lychee-setup run: | # Determine filename and download URL based on version - if [[ '${{ inputs.lycheeVersion }}' =~ ^v0\.0|^v0\.1[0-5]\. ]]; then - FILENAME="lychee-${{ inputs.lycheeVersion }}-x86_64-unknown-linux-gnu.tar.gz" - DOWNLOAD_URL="https://github.com/lycheeverse/lychee/releases/download/${{ inputs.lycheeVersion }}/${FILENAME}" + if [[ "${LYCHEE_VERSION}" =~ ^v0\.0|^v0\.1[0-5]\. ]]; then + FILENAME="lychee-${LYCHEE_VERSION}-x86_64-unknown-linux-gnu.tar.gz" + DOWNLOAD_URL="https://github.com/lycheeverse/lychee/releases/download/${LYCHEE_VERSION}/${FILENAME}" else FILENAME="lychee-x86_64-unknown-linux-gnu.tar.gz" - if [[ '${{ inputs.lycheeVersion }}' == 'nightly' ]]; then + if [[ "${LYCHEE_VERSION}" == 'nightly' ]]; then DOWNLOAD_URL="https://github.com/lycheeverse/lychee/releases/download/nightly/${FILENAME}" - elif [[ '${{ inputs.lycheeVersion }}' == 'latest' ]]; then + elif [[ "${LYCHEE_VERSION}" == 'latest' ]]; then DOWNLOAD_URL="https://github.com/lycheeverse/lychee/releases/latest/download/${FILENAME}" else - DOWNLOAD_URL="https://github.com/lycheeverse/lychee/releases/download/lychee-${{ inputs.lycheeVersion }}/${FILENAME}" + DOWNLOAD_URL="https://github.com/lycheeverse/lychee/releases/download/lychee-${LYCHEE_VERSION}/${FILENAME}" fi fi @@ -87,6 +87,8 @@ runs: # Output filename for use in later steps echo "filename=${FILENAME}" >> $GITHUB_OUTPUT + env: + LYCHEE_VERSION: ${{ inputs.lycheeVersion }} shell: bash - name: Install lychee From ae4699150ab670dcfb64cc74e8680e776d9caae2 Mon Sep 17 00:00:00 2001 From: LitoMore Date: Sun, 27 Oct 2024 16:17:00 +0800 Subject: [PATCH 6/6] Add missing argument `failIfEmpty` (#261) --- README.md | 10 ++++++---- entrypoint.sh | 4 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 62d77bc..e36e604 100644 --- a/README.md +++ b/README.md @@ -52,16 +52,17 @@ lychee arguments can be passed to the action via the `args` parameter. On top of that, the action also supports some additional arguments. -| Argument | Examples | Description | -| ------------- | ----------------------- | -------------------------------------------------------------------------------- | +| Argument | Examples | Description | +| ------------- | ----------------------- | ------------------------------------------------------------------------------- | | args | `--cache`, `--insecure` | See [lychee's documentation][lychee-args] for all arguments and values | | debug | `false` | Enable debug output in action (set -x). Helpful for troubleshooting | | fail | `false` | Fail workflow run on error (i.e. when [lychee exit code][lychee-exit] is not 0) | +| failIfEmpty | `false` | Fail entire pipeline if no links were found | | format | `markdown`, `json` | Summary output format | | jobSummary | `false` | Write GitHub job summary (on Markdown output only) | | lycheeVersion | `v0.15.0`, `nightly` | Overwrite the lychee version to be used | | output | `lychee/results.md` | Summary output file path | -| token | `""` | Custom GitHub token to use for API calls | +| token | `""` | Custom GitHub token to use for API calls | See [action.yml](./action.yml) for a full list of supported arguments and their default values. @@ -79,7 +80,7 @@ Here is how to pass the arguments. format: json # Use different output file path output: /tmp/foo.txt - # Use a custom GitHub token, which + # Use a custom GitHub token, which token: ${{ secrets.CUSTOM_TOKEN }} # Don't fail action on broken links fail: false @@ -113,6 +114,7 @@ So in this setup, as long as a user triggers the CI run from the same commit, it For restoring the cache, the most recent available one is used (commit hash doesn't matter). If you need more control over when caches are restored and saved, you can split the cache step and e.g. ensure to always save the cache (also when the link check step fails): + ```yml - name: Restore lychee cache id: restore-cache diff --git a/entrypoint.sh b/entrypoint.sh index ba2a65c..e5cbb55 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -32,7 +32,7 @@ eval lychee ${FORMAT} --output ${LYCHEE_TMP} ${ARGS} exit_code=$? # Overwrite the exit code in case no links were found -# and `fail-if-empty` is set to `true` (and it is by default) +# and `failIfEmpty` is set to `true` (and it is by default) if [ "${INPUT_FAILIFEMPTY}" = "true" ]; then # Explicitly set INPUT_FAIL to true to ensure the script fails # if no links are found @@ -40,7 +40,7 @@ if [ "${INPUT_FAILIFEMPTY}" = "true" ]; then # This is a somewhat crude way to check the Markdown output of lychee if grep -E 'Total\s+\|\s+0' "${LYCHEE_TMP}"; then echo "No links were found. This usually indicates a configuration error." >> "${LYCHEE_TMP}" - echo "If this was expected, set 'fail-if-empty: false' in the args." >> "${LYCHEE_TMP}" + echo "If this was expected, set 'failIfEmpty: false' in the args." >> "${LYCHEE_TMP}" exit_code=1 fi fi