Added checks for bot token and webhook url length #124
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
seratch
approved these changes
Sep 5, 2022
|
The integration tests using env variables are failing. Need to investigate later |
|
Hmmm... PRs created from Forked repositories cannot see the secret.
|
|
The test log console does not display the env variable values for better security. @stevengill Do you have any thoughts on this? I think that env variables should be correctly set but am still unsure why the length validation that is added in this PR cause the test failures. |
Yes, in the GitHub Actions log, the secret will appear as
The screenshot attached to the previous comment does not even show |
|
As described in this document, secrets cannot be referenced from workflows triggered from a forked repository.
For reference, if you want to refer to secrets from workflows triggered from a forked repository, you need to use the
|
stevengill
approved these changes
Oct 25, 2022
TylerJang27
pushed a commit
to trunk-io/plugins
that referenced
this pull request
May 22, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`18.16.1` -> `18.16.14`](https://renovatebot.com/diffs/npm/@types%2fnode/18.16.1/18.16.14) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/typescript-eslint) | [`5.59.1` -> `5.59.7`](https://renovatebot.com/diffs/npm/@typescript-eslint%2feslint-plugin/5.59.1/5.59.7) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@typescript-eslint/parser](https://togithub.com/typescript-eslint/typescript-eslint) | [`5.59.1` -> `5.59.7`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/5.59.1/5.59.7) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [eslint](https://eslint.org) ([source](https://togithub.com/eslint/eslint)) | [`8.39.0` -> `8.41.0`](https://renovatebot.com/diffs/npm/eslint/8.39.0/8.41.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [github/codeql-action](https://togithub.com/github/codeql-action) | `v2.3.0` -> `v2.3.3` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [semver](https://togithub.com/npm/node-semver) | [`7.5.0` -> `7.5.1`](https://renovatebot.com/diffs/npm/semver/7.5.0/7.5.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [slackapi/slack-github-action](https://togithub.com/slackapi/slack-github-action) | `v1.23.0` -> `v1.24.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | minor | --- ### Release Notes <details> <summary>typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)</summary> ### [`v5.59.7`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#​5597-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5596v5597-2023-05-22) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.59.6...v5.59.7) **Note:** Version bump only for package [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) ### [`v5.59.6`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#​5596-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5595v5596-2023-05-15) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.59.5...v5.59.6) **Note:** Version bump only for package [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) ### [`v5.59.5`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#​5595-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5594v5595-2023-05-08) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.59.2...v5.59.5) **Note:** Version bump only for package [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) ### [`v5.59.2`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#​5592-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5591v5592-2023-05-01) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.59.1...v5.59.2) **Note:** Version bump only for package [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) </details> <details> <summary>typescript-eslint/typescript-eslint (@​typescript-eslint/parser)</summary> ### [`v5.59.7`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#​5597-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5596v5597-2023-05-22) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.59.6...v5.59.7) **Note:** Version bump only for package [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) ### [`v5.59.6`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#​5596-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5595v5596-2023-05-15) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.59.5...v5.59.6) **Note:** Version bump only for package [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) ### [`v5.59.5`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#​5595-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5594v5595-2023-05-08) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.59.2...v5.59.5) **Note:** Version bump only for package [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) ### [`v5.59.2`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#​5592-httpsgithubcomtypescript-eslinttypescript-eslintcomparev5591v5592-2023-05-01) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v5.59.1...v5.59.2) **Note:** Version bump only for package [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) </details> <details> <summary>eslint/eslint</summary> ### [`v8.41.0`](https://togithub.com/eslint/eslint/releases/tag/v8.41.0) [Compare Source](https://togithub.com/eslint/eslint/compare/v8.40.0...v8.41.0) #### Features - [`880a431`](https://togithub.com/eslint/eslint/commit/880a4317b949e575a4a6c5e8baaba1eea7674cc6) feat: change default ignore pattern to `**/node_modules/` in flat config ([#​17184](https://togithub.com/eslint/eslint/issues/17184)) (Milos Djermanovic) - [`8bf5505`](https://togithub.com/eslint/eslint/commit/8bf550594fca6d29fab1a3453e701c1a457767e1) feat: expose `shouldUseFlatConfig` ([#​17169](https://togithub.com/eslint/eslint/issues/17169)) (Connor Prussin) #### Bug Fixes - [`4f5440d`](https://togithub.com/eslint/eslint/commit/4f5440db631707b17140c4e5cc7beb223afbd2b9) fix: incorrect warning message for ignored dotfiles ([#​17196](https://togithub.com/eslint/eslint/issues/17196)) (Milos Djermanovic) - [`94da96c`](https://togithub.com/eslint/eslint/commit/94da96cbf0fb2bb6694fa2e757eb1b3e74c40db7) fix: unify `LintMessage` type ([#​17076](https://togithub.com/eslint/eslint/issues/17076)) (Brandon Mills) - [`0c415cd`](https://togithub.com/eslint/eslint/commit/0c415cda5d76dbe5120ab9f3c4c81320538e35f0) fix: validate `ignorePatterns` constructor option in `FlatESLint` class ([#​17139](https://togithub.com/eslint/eslint/issues/17139)) (Milos Djermanovic) - [`9682d66`](https://togithub.com/eslint/eslint/commit/9682d669e4ee8641293914e21679f40fee8bc354) fix: switch `grapheme-splitter` to `graphemer` ([#​17160](https://togithub.com/eslint/eslint/issues/17160)) (fisker Cheung) #### Documentation - [`7709b14`](https://togithub.com/eslint/eslint/commit/7709b14e18ad4e11c1119ed6575454243b8e7084) docs: Update README (GitHub Actions Bot) - [`7f183e0`](https://togithub.com/eslint/eslint/commit/7f183e020579380fa57473caaf9ed154470c25b3) docs: Update triage process description ([#​17157](https://togithub.com/eslint/eslint/issues/17157)) (Nicholas C. Zakas) - [`b68346b`](https://togithub.com/eslint/eslint/commit/b68346b290d55324e73868ca42b3854157b27375) docs: fix license to reflect relicensing of jshint ([#​17165](https://togithub.com/eslint/eslint/issues/17165)) (Stefan Bischof) #### Chores - [`f43216a`](https://togithub.com/eslint/eslint/commit/f43216a8c77ab6cf1d0823978e8c728786b4cba7) chore: upgrade [@​eslint/js](https://togithub.com/eslint/js)[@​8](https://togithub.com/8).41.0 ([#​17200](https://togithub.com/eslint/eslint/issues/17200)) (Milos Djermanovic) - [`95c3007`](https://togithub.com/eslint/eslint/commit/95c300780a1cfd9ad680bc78850542eb55d7fbf4) chore: package.json update for [@​eslint/js](https://togithub.com/eslint/js) release (ESLint Jenkins) - [`ddc5291`](https://togithub.com/eslint/eslint/commit/ddc5291debd90ff476e17c532af7577e26720b91) chore: don't use deprecated `context` methods in `ast-utils` tests ([#​17194](https://togithub.com/eslint/eslint/issues/17194)) (Milos Djermanovic) - [`b1516db`](https://togithub.com/eslint/eslint/commit/b1516db51514032ed06e1425c4b1f955238dc682) chore: Fix return type of `findFlatConfigFile` ([#​17161](https://togithub.com/eslint/eslint/issues/17161)) (Milos Djermanovic) - [`918b0fd`](https://togithub.com/eslint/eslint/commit/918b0fd21723e84bd7acb17942a36606f1d8360a) perf: Store indent descriptors in a plain array ([#​17148](https://togithub.com/eslint/eslint/issues/17148)) (Francesco Trotta) - [`4caa344`](https://togithub.com/eslint/eslint/commit/4caa34449555d8a680222ec2049d97c59476c11e) refactor: locateConfigFileToUse returns an Error object ([#​17159](https://togithub.com/eslint/eslint/issues/17159)) (唯然) ### [`v8.40.0`](https://togithub.com/eslint/eslint/releases/tag/v8.40.0) [Compare Source](https://togithub.com/eslint/eslint/compare/v8.39.0...v8.40.0) #### Features - [`5db7808`](https://togithub.com/eslint/eslint/commit/5db7808139c1f2172797285a0700f01644bda254) feat: improve flat config errors for invalid rule options and severities ([#​17140](https://togithub.com/eslint/eslint/issues/17140)) (Josh Goldberg ✨) - [`f5574dc`](https://togithub.com/eslint/eslint/commit/f5574dc739fcc74a7841217ba1f31cce02bee1ff) feat: Add findConfigFile() method to FlatESLint ([#​17142](https://togithub.com/eslint/eslint/issues/17142)) (Nicholas C. Zakas) - [`e52b98b`](https://togithub.com/eslint/eslint/commit/e52b98bf25d882da4efd5559ce5974b6697cf701) feat: add `sourceCode` property to the rule context ([#​17107](https://togithub.com/eslint/eslint/issues/17107)) (Nitin Kumar) - [`1468f5b`](https://togithub.com/eslint/eslint/commit/1468f5b640cfa6fdd8a5ec895337f692def2780b) feat: add `physicalFilename` property to the rule context ([#​17111](https://togithub.com/eslint/eslint/issues/17111)) (Nitin Kumar) - [`0df4d4f`](https://togithub.com/eslint/eslint/commit/0df4d4f658c214e51310a986c03d44d34ceae3ec) feat: add `cwd` to rule context ([#​17106](https://togithub.com/eslint/eslint/issues/17106)) (Nitin Kumar) - [`52018f2`](https://togithub.com/eslint/eslint/commit/52018f21c19b3e461cae32843cddd17ed42f19cd) feat: add `filename` property to the rule context ([#​17108](https://togithub.com/eslint/eslint/issues/17108)) (Nitin Kumar) - [`559ff4e`](https://togithub.com/eslint/eslint/commit/559ff4e4bc54a8b6e6b54825d83c532d724204b3) feat: add new `omitLastInOneLineClassBody` option to the `semi` rule ([#​17105](https://togithub.com/eslint/eslint/issues/17105)) (Nitin Kumar) #### Bug Fixes - [`f076e54`](https://togithub.com/eslint/eslint/commit/f076e54ecdb0fae70d9b43ad6888606097beef97) fix: Ensure FlatESLint#findConfigFile() doesn't throw. ([#​17151](https://togithub.com/eslint/eslint/issues/17151)) (Nicholas C. Zakas) #### Documentation - [`e980bf3`](https://togithub.com/eslint/eslint/commit/e980bf38cf441f2eb29c458b93df77dc0111b391) docs: Update README (GitHub Actions Bot) - [`e92a6fc`](https://togithub.com/eslint/eslint/commit/e92a6fc7ed2a427f5e95f4b3a1c21d71553c97ee) docs: Update README (GitHub Actions Bot) - [`af5fe64`](https://togithub.com/eslint/eslint/commit/af5fe64c398c9bd4206c3c6c1ade81768b291031) docs: Fix custom rule schema docs ([#​17115](https://togithub.com/eslint/eslint/issues/17115)) (Adam Jones) - [`4a352a9`](https://togithub.com/eslint/eslint/commit/4a352a957ba9e721bec9f6f403b419a22b0ec423) docs: explain how to include predefined globals ([#​17114](https://togithub.com/eslint/eslint/issues/17114)) (Marcus Wyatt) - [`5ea15d9`](https://togithub.com/eslint/eslint/commit/5ea15d92ee358e8f3f652c94c019cac96aaec651) docs: add mastodon link in readme ([#​17110](https://togithub.com/eslint/eslint/issues/17110)) (唯然) #### Chores - [`4053004`](https://togithub.com/eslint/eslint/commit/4053004c951813473d1c43f9f9959a9a3484242f) chore: upgrade [@​eslint/js](https://togithub.com/eslint/js)[@​8](https://togithub.com/8).40.0 ([#​17156](https://togithub.com/eslint/eslint/issues/17156)) (Milos Djermanovic) - [`50fed1d`](https://togithub.com/eslint/eslint/commit/50fed1da4449ad7ecbb558294438273cfce603d4) chore: package.json update for [@​eslint/js](https://togithub.com/eslint/js) release (ESLint Jenkins) - [`4c7a170`](https://togithub.com/eslint/eslint/commit/4c7a170b04c5a746e401bef7ce79766ff66a1168) chore: upgrade [@​eslint/eslintrc](https://togithub.com/eslint/eslintrc)[@​2](https://togithub.com/2).0.3 ([#​17155](https://togithub.com/eslint/eslint/issues/17155)) (Milos Djermanovic) - [`e80b7cc`](https://togithub.com/eslint/eslint/commit/e80b7cce640b60c00802148dbb51d03c7223afa9) chore: upgrade espree@9.5.2 ([#​17154](https://togithub.com/eslint/eslint/issues/17154)) (Milos Djermanovic) - [`ce3ac91`](https://togithub.com/eslint/eslint/commit/ce3ac91b510576e2afba1657aa5f09e162b4ab07) chore: upgrade eslint-visitor-keys@3.4.1 ([#​17153](https://togithub.com/eslint/eslint/issues/17153)) (Milos Djermanovic) - [`9094d79`](https://togithub.com/eslint/eslint/commit/9094d79fb42c0ebb6100426a3f2f851e8d42a0ee) chore: add `latest/` to `meta.docs.url` in all core rules ([#​17136](https://togithub.com/eslint/eslint/issues/17136)) (Milos Djermanovic) - [`d85efad`](https://togithub.com/eslint/eslint/commit/d85efad655deacc0dc3fdbbace33307094c3b91b) perf: don't use `grapheme-splitter` on ASCII strings in key-spacing rule ([#​17122](https://togithub.com/eslint/eslint/issues/17122)) (Milos Djermanovic) </details> <details> <summary>github/codeql-action</summary> ### [`v2.3.3`](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3) ### [`v2.3.2`](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2) ### [`v2.3.1`](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1) </details> <details> <summary>npm/node-semver</summary> ### [`v7.5.1`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​751-httpsgithubcomnpmnode-semvercomparev750v751-2023-05-12) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.5.0...v7.5.1) ##### Bug Fixes - [`d30d25a`](https://togithub.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab) [#​559](https://togithub.com/npm/node-semver/pull/559) show type on invalid semver error ([#​559](https://togithub.com/npm/node-semver/issues/559)) ([@​tjenkinson](https://togithub.com/tjenkinson)) </details> <details> <summary>slackapi/slack-github-action</summary> ### [`v1.24.0`](https://togithub.com/slackapi/slack-github-action/releases/tag/v1.24.0): Slack Send V1.24.0 [Compare Source](https://togithub.com/slackapi/slack-github-action/compare/v1.23.0...v1.24.0) ##### What's Changed - Add in testing instructions for maintainer's guide and standardize bullet point punctuation by [@​hello-ashleyintech](https://togithub.com/hello-ashleyintech) in [slackapi/slack-github-action#140 - Added checks for bot token and webhook url length by [@​koki-develop](https://togithub.com/koki-develop) in [slackapi/slack-github-action#124 - Add channel_id output parameter by [@​maso7](https://togithub.com/maso7) in [slackapi/slack-github-action#149 - \[[#​171](https://togithub.com/slackapi/slack-github-action/issues/171)] Update Technique 2 to use Actions context instead of values property by [@​mwbrooks](https://togithub.com/mwbrooks) in [slackapi/slack-github-action#172 - Fix interpolation of variables in file-based payloads by [@​filmaj](https://togithub.com/filmaj) in [slackapi/slack-github-action#200 - Update README.md with variable usage and links to example workflows by [@​filmaj](https://togithub.com/filmaj) in [slackapi/slack-github-action#201 ##### New Contributors - [@​koki-develop](https://togithub.com/koki-develop) made their first contribution in [slackapi/slack-github-action#124 - [@​maso7](https://togithub.com/maso7) made their first contribution in [slackapi/slack-github-action#149 - [@​mwbrooks](https://togithub.com/mwbrooks) made their first contribution in [slackapi/slack-github-action#172 - [@​hnarimiya](https://togithub.com/hnarimiya) made their first contribution in [slackapi/slack-github-action#200 **Full Changelog**: slackapi/slack-github-action@v1.23.0...v1.24.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/trunk-io/plugins). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS42Ni4xIiwidXBkYXRlZEluVmVyIjoiMzUuOTguMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
This is a pretty bad experience for security-conscious users who receive PRs from forks and aren't willing to use |
mtzguido
added a commit
to mtzguido/everest
that referenced
this pull request
Jun 13, 2023
](https://renovatebot.com){kind=link}
Sigh, to avoid errors if the token is not present, as in forked repos. See slackapi/slack-github-action#124.
mtzguido
added a commit
to project-everest/everest
that referenced
this pull request
Jun 13, 2023
Sigh, to avoid errors if the token is not present, as in forked repos. See slackapi/slack-github-action#124.
mtzguido
added a commit
to mtzguido/everest
that referenced
this pull request
Jun 19, 2023
Sigh, to avoid errors if the token is not present, as in forked repos. See slackapi/slack-github-action#124.
|
Since this PR changes current behaviour which just |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixed #123
Requirements (place an
xin each[ ])