Add LFI exploit prevention support #4237
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Add milestone to pull requests | |
on: | |
pull_request: | |
types: [closed] | |
branches: | |
- master | |
- release/v* | |
jobs: | |
add_milestone_to_merged: | |
name: Add milestone to merged pull requests | |
permissions: | |
issues: write # Required to update a pull request using the issues API | |
pull-requests: write # Required to update the milestone of a pull request | |
if: github.event.pull_request.merged && github.event.pull_request.milestone == null | |
runs-on: ubuntu-latest | |
steps: | |
- name: Add milestone to merged pull requests | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1 | |
with: | |
script: | | |
// Get project milestones | |
const response = await github.rest.issues.listMilestones({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
state: 'open' | |
}) | |
if (!response.data || response.data.length == 0) { | |
core.setFailed(`Failed to list milestones: ${response.status}`) | |
return | |
} | |
// Get the base branch | |
const base = '${{ github.event.pull_request.base.ref }}' | |
// Look for the matching milestone | |
let milestoneNumber = null | |
if (base == 'master') { | |
// Pick the milestone with the highest version as title using semver | |
milestoneNumber = response.data | |
.map(milestone => { | |
// Parse version title as semver "<major>.<minor>.<patch>" | |
const versionNumbers = milestone.title.match(/^(\d+)\.(\d+)\.(\d+)$/) | |
if (versionNumbers == null) { | |
return null | |
} | |
milestone.version = { | |
major: parseInt(versionNumbers[1]), | |
minor: parseInt(versionNumbers[2]), | |
patch: parseInt(versionNumbers[3]) | |
} | |
return milestone | |
}) | |
.filter(milestone => milestone != null) | |
.sort((a, b) => { | |
if (a.version.major != b.version.major) { | |
return a.version.major - b.version.major | |
} | |
if (a.version.minor != b.version.minor) { | |
return a.version.minor - b.version.minor | |
} | |
return a.version.patch - b.version.patch | |
}) | |
.pop()?.number | |
} else if (base.startsWith('release/v') && base.endsWith('.x')) { | |
// Extract the minor version related to the base branch (e.g. "release/v1.2.x" -> "1.2.") | |
const version = base.substring(9, base.length - 1) | |
// Pick the milestone with title matching the extracted version | |
const versionMilestone = response.data | |
.find(milestone => milestone.title.startsWith(version)) | |
if (!versionMilestone) { | |
core.setFailed(`Milestone not found for minor version: ${version}`) | |
} else { | |
milestoneNumber = versionMilestone.number | |
} | |
} else { | |
core.setFailed(`Unexpected pull request base: ${base}`) | |
} | |
// Update pull request milestone using the issues API (as pull requests are issues) | |
if (milestoneNumber != null) { | |
await github.rest.issues.update({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: ${{ github.event.pull_request.number }}, | |
milestone: milestoneNumber | |
}); | |
} |