[Submit add-on]: devHelper-v0.0.2 #2395
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Send json file | |
on: | |
issues: | |
types: | |
- labeled | |
jobs: | |
check-addon: | |
permissions: | |
contents: write | |
issues: write | |
name: Check add-on | |
if: github.event.label.name == 'autoSubmissionFromIssue' | |
runs-on: windows-latest | |
steps: | |
- name: Checkout datastore repo | |
uses: actions/checkout@v4 | |
with: | |
path: datastore | |
- name: Get data | |
id: get-data | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const setOutputFromIssue = require('./datastore/.github/workflows/getData.js') | |
setOutputFromIssue({context, core}) | |
- name: Checkout validate repo | |
uses: actions/checkout@v4 | |
with: | |
repository: nvaccess/addon-datastore-validation | |
submodules: true | |
path: validation | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.11 | |
- name: Create validation errors file | |
run: echo "" > validationErrors.md | |
- name: Download add-on | |
env: | |
# transfer user input to env variables | |
# https://blog.gitguardian.com/github-actions-security-cheat-sheet/ | |
url: ${{ steps.get-data.outputs.downloadUrl }} | |
# wrap all user input in quotations to prevent RCE e.g. www.example.com/&rm -rf | |
run: curl --location --output addon.nvda-addon "$env:url" 2>> validationErrors.md | |
- name: Add extra message if curl fails to validation errors | |
if: failure() | |
run: echo "Error with downloading add-on from download URL" >> validationErrors.md | |
- name: Create JSON submission from issue | |
env: | |
# transfer user input to env variables to escape any code | |
# https://blog.gitguardian.com/github-actions-security-cheat-sheet/ | |
channel: ${{ steps.get-data.outputs.releaseChannel }} | |
publisher: ${{ steps.get-data.outputs.publisher }} | |
sourceUrl: ${{ steps.get-data.outputs.sourceUrl }} | |
url: ${{ steps.get-data.outputs.downloadUrl }} | |
licName: ${{ steps.get-data.outputs.licenseName }} | |
licUrl: ${{ steps.get-data.outputs.licenseURL }} | |
# wrap all user input in quotations to prevent RCE e.g. www.example.com/&rm -rf | |
run: | | |
validation/runcreatejson ` | |
-f addon.nvda-addon ` | |
--dir datastore\addons ` | |
--output .\validationErrors.md ` | |
--channel=""$env:channel"" ` | |
--publisher=""$env:publisher"" ` | |
--sourceUrl=""$env:sourceUrl"" ` | |
--url=""$env:url"" ` | |
--licName=""$env:licName"" ` | |
--licUrl=""$env:licUrl"" | |
- name: Post validation errors as comment | |
if: failure() | |
uses: peter-evans/create-or-update-comment@v4 | |
with: | |
issue-number: ${{ github.event.issue.number }} | |
body-file: ./validationErrors.md | |
- name: Create branch | |
id: cb | |
run: | | |
cd datastore | |
git config user.name github-actions | |
git config user.email github-actions@github.com | |
git checkout -b ${{ github.event.issue.user.login }}${{ steps.get-data.outputs.issueNumber }} | |
git pull | |
git add . | |
git commit -m "Submit add-on" | |
# Force push to the branch, as we may need to be handling a resubmission attempt | |
git push -f origin ${{ github.event.issue.user.login }}${{ steps.get-data.outputs.issueNumber }} | |
- name: Upload add-on | |
uses: actions/upload-artifact@v4 | |
with: | |
name: addon | |
path: addon.nvda-addon | |
- name: Install VirusTotal | |
run: choco install vt-cli | |
- name: Scan add-on with VirusTotal | |
env: | |
VT_API_KEY: ${{ secrets.VT_API_KEY }} | |
run: vt scan file -k $env:VT_API_KEY addon.nvda-addon | |
call-workflow-passing-data: | |
needs: check-addon | |
uses: ./.github/workflows/checkAndSubmitAddonMetadata.yml | |
with: | |
issueNumber: "${{ github.event.issue.number }}" | |
issueAuthorId: ${{ github.event.issue.user.id }} | |
issueAuthorName: ${{ github.event.issue.user.login }} | |
issueTitle: ${{ github.event.issue.title }} | |
secrets: | |
VT_API_KEY: ${{ secrets.VT_API_KEY }} |