From 324cc67c99feb3bc2324ffd2e92e611c01226074 Mon Sep 17 00:00:00 2001
From: Ed Page
Date: Mon, 22 May 2023 13:29:19 -0500
Subject: [PATCH 1/2] fix(action): Harden bash script

---
 action/entrypoint.sh | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/action/entrypoint.sh b/action/entrypoint.sh
index 2dbefd1..c4963cb 100755
--- a/action/entrypoint.sh
+++ b/action/entrypoint.sh
@@ -8,7 +8,11 @@ log() {
 echo -e "$1" >&2
 }
 
+_DEFAULT_INSTALL_DIR=${HOME}/bin
+_INSTALL_DIR=${INSTALL_DIR:-${_DEFAULT_INSTALL_DIR}}
 CMD_NAME="typos"
+COMMAND="${_INSTALL_DIR}/${CMD_NAME}"
+
 TARGET=${INPUT_FILES:-"."}
 if [[ -n "${GITHUB_BASE_REF:-}" ]]; then
 BASE_REF=HEAD~ # HACK: GITHUB_BASE_REF is failing the `--verify` but `HEAD~ should be the same for pull requests
@@ -29,11 +33,12 @@ if [[ -z $(ls ${TARGET} 2>/dev/null) ]]; then
 log "ERROR: Input files (${TARGET}) not found"
 exit 1
 fi
-if [[ -z $(which ${CMD_NAME} 2>/dev/null) ]]; then
+if [[ ! -x ${COMMAND} ]]; then
 VERSION=1.14.10
 log "Downloading 'typos' v${VERSION}"
 wget --progress=dot:mega "https://github.com/crate-ci/typos/releases/download/v${VERSION}/typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz"
- sudo tar -xzvf typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz -C /usr/local/bin ./typos
+ mkdir -p ${_INSTALL_DIR}
+ sudo tar -xzvf typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz -C ${_INSTALL_DIR} ./${CMD_NAME}
 rm typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz
 fi
 log "jq: $(jq --version)"
@@ -55,6 +60,6 @@ if [[ -n "${INPUT_CONFIG:-}" ]]; then
 ARGS+=" --config ${INPUT_CONFIG}"
 fi
 
-log "$ ${CMD_NAME} ${ARGS}"
-${CMD_NAME} ${ARGS} --format json | ${SOURCE_DIR}/format_gh.sh || true
-${CMD_NAME} ${ARGS}
+log "$ ${COMMAND} ${ARGS}"
+${COMMAND} ${ARGS} --format json | ${SOURCE_DIR}/format_gh.sh || true
+${COMMAND} ${ARGS}
From 3a0fa5b9fd931629839478e6fdd7b64294555dc4 Mon Sep 17 00:00:00 2001
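Review bot: `INSTALL_DIR` becomes a new environment input in the `@@ -8,7 +8,11 @@` hunk without any documentation, and a relative value makes `COMMAND` resolve against whatever the working directory is when the later `-x` test and the invocations run. A comment above the assignments would help, for example `# INSTALL_DIR (env, optional): directory the typos binary is installed into and run from; defaults to ${HOME}/bin`. Normalising the value to an absolute path once, next to these assignments, would keep the executed file independent of the current directory.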
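Review bot: The archive fetched by `wget` in the `@@ -29,11 +33,12 @@` hunk is extracted and later executed without any integrity check, and it is saved under a fixed name in the current directory, so a file of that name already present there can end up being the one `tar` unpacks. Downloading into a `mktemp -d` directory with `-O` and verifying a pinned SHA-256 before extraction closes both gaps; the digest in the sketch below is a placeholder to be filled in from the published release. The new `mkdir -p ${_INSTALL_DIR}` and `-C ${_INSTALL_DIR}` expansions are also unquoted, so a directory containing whitespace splits into several arguments. The same download-and-extract lines appear in the `@@ -38,7 +38,7 @@` hunk of patch 2/2, where only `sudo` is dropped from the `tar` line.

```shell
if [[ ! -x ${COMMAND} ]]; then
    # … unchanged: VERSION assignment and "Downloading" log line …
    ARCHIVE="typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz"
    ARCHIVE_SHA256="<sha256-of-release-archive>"  # placeholder: pin the digest published for this VERSION
    DOWNLOAD_DIR="$(mktemp -d)"
    wget --progress=dot:mega -O "${DOWNLOAD_DIR}/${ARCHIVE}" "https://github.com/crate-ci/typos/releases/download/v${VERSION}/${ARCHIVE}"
    echo "${ARCHIVE_SHA256}  ${DOWNLOAD_DIR}/${ARCHIVE}" | sha256sum -c - \
        || { log "ERROR: checksum mismatch for ${ARCHIVE}"; exit 1; }
    mkdir -p "${_INSTALL_DIR}"
    sudo tar -xzvf "${DOWNLOAD_DIR}/${ARCHIVE}" -C "${_INSTALL_DIR}" "./${CMD_NAME}"
    rm -rf "${DOWNLOAD_DIR}"
```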
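Review bot: `${COMMAND} ${ARGS}` in the `@@ -55,6 +60,6 @@` hunk still relies on unquoted expansion of a string-built argument list, so any input value containing whitespace or glob characters (for example the `INPUT_CONFIG` path appended just above) is split or expanded before typos sees it. Building `ARGS` as an array and invoking `"${COMMAND}" "${ARGS[@]}"` would fix that, with the JSON pass becoming `"${COMMAND}" "${ARGS[@]}" --format json | "${SOURCE_DIR}/format_gh.sh" || true`. The `ARGS` construction starts outside this hunk, so the array change has to be applied there as well, and the `log` line would then print `${ARGS[*]}`.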
From: Ed Page
Date: Mon, 22 May 2023 13:30:04 -0500
Subject: [PATCH 2/2] fix(action): Don't require sudo

Fixes #723
---
 action.yml | 1 +
 action/entrypoint.sh | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/action.yml b/action.yml
index e6dfc61..016ee81 100644
--- a/action.yml
+++ b/action.yml
@@ -36,6 +36,7 @@ runs:
 run: $GITHUB_ACTION_PATH/action/entrypoint.sh
 shell: bash
 env:
+ INSTALL_DIR: .
 INPUT_FILES: ${{ inputs.files }}
 INPUT_EXTEND_IDENTIFIERS: ${{ inputs.extend_identifiers }}
 INPUT_EXTEND_WORDS: ${{ inputs.extend_words }}
diff --git a/action/entrypoint.sh b/action/entrypoint.sh
index c4963cb..923cb74 100755
--- a/action/entrypoint.sh
+++ b/action/entrypoint.sh
@@ -38,7 +38,7 @@ if [[ ! -x ${COMMAND} ]]; then
 log "Downloading 'typos' v${VERSION}"
 wget --progress=dot:mega "https://github.com/crate-ci/typos/releases/download/v${VERSION}/typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz"
 mkdir -p ${_INSTALL_DIR}
- sudo tar -xzvf typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz -C ${_INSTALL_DIR} ./${CMD_NAME}
+ tar -xzvf typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz -C ${_INSTALL_DIR} ./${CMD_NAME}
 rm typos-v${VERSION}-x86_64-unknown-linux-musl.tar.gz
 fi
 log "jq: $(jq --version)"
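Review bot: `INSTALL_DIR: .` in the `action.yml` hunk makes the entrypoint's `COMMAND` the relative path `./typos`, resolved against the step's working directory. If that directory is the checked-out repository (no `working-directory` is visible in this hunk, so this is inferred), an executable named `typos` already present there passes the `-x` test, skips the download and is what gets run. It also leaves the downloaded binary inside the tree being checked. A location outside the workspace avoids both and still needs no sudo, for example `INSTALL_DIR: ${{ runner.temp }}/typos-bin`.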