fix(action): Harden bash script

This commit is contained in:
Ed Page 2023-05-22 13:29:19 -05:00
parent 5c98b91f18
commit 324cc67c99

View file

@ -8,7 +8,11 @@ log() {
echo -e "$1" >&2 echo -e "$1" >&2
} }
_DEFAULT_INSTALL_DIR=${HOME}/bin
_INSTALL_DIR=${INSTALL_DIR:-${_DEFAULT_INSTALL_DIR}}
CMD_NAME="typos" CMD_NAME="typos"
COMMAND="${_INSTALL_DIR}/${CMD_NAME}"
TARGET=${INPUT_FILES:-"."} TARGET=${INPUT_FILES:-"."}
if [[ -n "${GITHUB_BASE_REF:-}" ]]; then if [[ -n "${GITHUB_BASE_REF:-}" ]]; then
BASE_REF=HEAD~ # HACK: GITHUB_BASE_REF is failing the `--verify` but `HEAD~ should be the same for pull requests BASE_REF=HEAD~ # HACK: GITHUB_BASE_REF is failing the `--verify` but `HEAD~ should be the same for pull requests
@ -29,11 +33,12 @@ if [[ -z $(ls ${TARGET} 2>/dev/null) ]]; then
log "ERROR: Input files (${TARGET}) not found" log "ERROR: Input files (${TARGET}) not found"
exit 1 exit 1
fi fi
if [[ -z $(which ${CMD_NAME} 2>/dev/null) ]]; then if [[ ! -x ${COMMAND} ]]; then
VERSION=1.14.10 VERSION=1.14.10
log "Downloading 'typos' v${VERSION}" log "Downloading 'typos' v${VERSION}"
wget --progress=dot:mega "https://github.com/crate-ci/typos/releases/download/v${VERSION}/typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz" wget --progress=dot:mega "https://github.com/crate-ci/typos/releases/download/v${VERSION}/typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz"
sudo tar -xzvf typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz -C /usr/local/bin ./typos mkdir -p ${_INSTALL_DIR}
sudo tar -xzvf typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz -C ${_INSTALL_DIR} ./${CMD_NAME}
rm typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz rm typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz
fi fi
log "jq: $(jq --version)" log "jq: $(jq --version)"
@ -55,6 +60,6 @@ if [[ -n "${INPUT_CONFIG:-}" ]]; then
ARGS+=" --config ${INPUT_CONFIG}" ARGS+=" --config ${INPUT_CONFIG}"
fi fi
log "$ ${CMD_NAME} ${ARGS}" log "$ ${COMMAND} ${ARGS}"
${CMD_NAME} ${ARGS} --format json | ${SOURCE_DIR}/format_gh.sh || true ${COMMAND} ${ARGS} --format json | ${SOURCE_DIR}/format_gh.sh || true
${CMD_NAME} ${ARGS} ${COMMAND} ${ARGS}