fix(lambda): validate localMountPath format and length #143786
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://octokit.github.io/rest.js | |
# https://github.com/actions/toolkit/blob/master/packages/github/src/context.ts | |
name: PR Linter | |
on: | |
pull_request_target: | |
types: | |
- labeled | |
- unlabeled | |
- edited | |
- opened | |
- synchronize | |
- reopened | |
workflow_run: | |
workflows: [PR Linter Trigger] | |
types: | |
- completed | |
status: | |
jobs: | |
download-if-workflow-run: | |
runs-on: ubuntu-latest | |
outputs: | |
pr_number: ${{ steps.pr_output.outputs.pr_number }} | |
pr_sha: ${{ steps.pr_output.outputs.pr_sha }} | |
# if conditions on all individual steps because subsequent jobs depend on this job | |
# and we cannot skip it entirely | |
steps: | |
- name: 'Download artifact' | |
if: github.event_name == 'workflow_run' | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
run_id: context.payload.workflow_run.id, | |
}); | |
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { | |
return artifact.name == "pr_info" | |
})[0]; | |
let download = await github.rest.actions.downloadArtifact({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
artifact_id: matchArtifact.id, | |
archive_format: 'zip', | |
}); | |
let fs = require('fs'); | |
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_info.zip`, Buffer.from(download.data)); | |
- name: 'Unzip artifact' | |
if: github.event_name == 'workflow_run' | |
run: unzip pr_info.zip | |
- name: 'Make GitHub output' | |
if: github.event_name == 'workflow_run' | |
id: 'pr_output' | |
run: | | |
echo "cat pr_number" | |
echo "pr_number=$(cat pr_number)" >> "$GITHUB_OUTPUT" | |
echo "cat pr_sha" | |
echo "pr_sha=$(cat pr_sha)" >> "$GITHUB_OUTPUT" | |
validate-pr: | |
# Necessary to have sufficient permissions to write to the PR | |
permissions: | |
contents: read | |
pull-requests: write | |
statuses: read | |
issues: read | |
runs-on: ubuntu-latest | |
needs: download-if-workflow-run | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install & Build prlint | |
run: yarn install --frozen-lockfile && cd tools/@aws-cdk/prlint && yarn build+test | |
- name: Validate | |
uses: ./tools/@aws-cdk/prlint | |
env: | |
GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }} | |
# PR_NUMBER and PR_SHA is empty if triggered by pull_request_target, since we already have that info | |
PR_NUMBER: ${{ needs.download-if-workflow-run.outputs.pr_number }} | |
PR_SHA: ${{ needs.download-if-workflow-run.outputs.pr_sha }} | |
REPO_ROOT: ${{ github.workspace }} |