From 9054bfe1ffe70e528d847d9e5cc56ff6befa3286 Mon Sep 17 00:00:00 2001 From: Chris Yeninas <844685+PhantomGamers@users.noreply.github.com> Date: Sat, 27 Nov 2021 05:26:13 -0500 Subject: [PATCH 1/6] build.yaml: also build on pull request - additionally sets artifact name to QSB-BRANCHORTAGNAME-RUNID --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 3a0c3324..ba963d0c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -3,10 +3,10 @@ name: Build on: push: branches: [dev] + pull_request: workflow_dispatch: jobs: - build: runs-on: windows-latest steps: @@ -17,5 +17,5 @@ jobs: - run: dotnet build -c Release - uses: actions/upload-artifact@v2 with: - name: QSB-prerelease + name: QSB-${{ env.GITHUB_REF_NAME }}-${{ env.GITHUB_RUN_ID }} path: .\QSB\Bin\Release \ No newline at end of file From d44adf5a02b4fdd29bc9faafe2343efffae91719 Mon Sep 17 00:00:00 2001 From: Chris Yeninas <844685+PhantomGamers@users.noreply.github.com> Date: Sat, 27 Nov 2021 05:33:17 -0500 Subject: [PATCH 2/6] build.yaml: use contexts --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ba963d0c..033e876b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -17,5 +17,5 @@ jobs: - run: dotnet build -c Release - uses: actions/upload-artifact@v2 with: - name: QSB-${{ env.GITHUB_REF_NAME }}-${{ env.GITHUB_RUN_ID }} + name: QSB-${{ github.ref_name }}-${{ github.run_id }} path: .\QSB\Bin\Release \ No newline at end of file From 8a877082daea6f9556c0f60ad3729ff7e455c481 Mon Sep 17 00:00:00 2001 From: Chris Yeninas <844685+PhantomGamers@users.noreply.github.com> Date: Sat, 27 Nov 2021 05:46:39 -0500 Subject: [PATCH 3/6] build.yaml: fix output name --- .github/workflows/build.yaml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 033e876b..d290c778 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -10,6 +10,18 @@ jobs: build: runs-on: windows-latest steps: + + # Replace / with _ in ref name so that it can be used in a filename + - uses: mad9000/actions-find-and-replace-string@2 + id: sanitizeRef + with: + source: ${{ github.ref_name }} + find: '/' + replace: '_' + # Get short-sha so that it can be used in a filename + - uses: benjlevesque/short-sha@v1.2 + id: short-sha + - uses: actions/checkout@v2 - uses: actions/setup-dotnet@v1 with: @@ -17,5 +29,5 @@ jobs: - run: dotnet build -c Release - uses: actions/upload-artifact@v2 with: - name: QSB-${{ github.ref_name }}-${{ github.run_id }} + name: QSB-${{ steps.sanitizeRef.outputs.value }}-${{ steps.short-sha.outputs.sha }} path: .\QSB\Bin\Release \ No newline at end of file From 92473a5632ed53f914b7f8a6db302ee664135955 Mon Sep 17 00:00:00 2001 From: Chris Yeninas <844685+PhantomGamers@users.noreply.github.com> Date: Sat, 27 Nov 2021 06:02:53 -0500 Subject: [PATCH 4/6] build.yaml: don't run untrusted submissions --- .github/workflows/build.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d290c778..b05f8a11 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -8,6 +8,9 @@ on: jobs: build: + # only runs if: + # not a PR, PR is approved, or PR is pushed by the repo owner or a collaborator + if: not github.base_ref || github.event.review.state == 'approved' || github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'OWNER' runs-on: windows-latest steps: From eea85a425caf5549394f48ef962aaff30f281939 Mon Sep 17 00:00:00 2001 From: Chris Yeninas <844685+PhantomGamers@users.noreply.github.com> Date: Sat, 27 Nov 2021 06:04:37 -0500 Subject: [PATCH 5/6] Update build.yaml --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b05f8a11..909870e4 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -10,7 +10,7 @@ jobs: build: # only runs if: # not a PR, PR is approved, or PR is pushed by the repo owner or a collaborator - if: not github.base_ref || github.event.review.state == 'approved' || github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'OWNER' + if: github.base_ref == '' || github.event.review.state == 'approved' || github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'OWNER' runs-on: windows-latest steps: From 1a685451ede7ebbd298f56b35ab23606961ced6d Mon Sep 17 00:00:00 2001 From: Chris Yeninas <844685+PhantomGamers@users.noreply.github.com> Date: Sat, 27 Nov 2021 06:15:45 -0500 Subject: [PATCH 6/6] build.yaml: remove check this check isn't really needed since we can ensure only trusted people have the ability to run workflows --- .github/workflows/build.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 909870e4..d290c778 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -8,9 +8,6 @@ on: jobs: build: - # only runs if: - # not a PR, PR is approved, or PR is pushed by the repo owner or a collaborator - if: github.base_ref == '' || github.event.review.state == 'approved' || github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'OWNER' runs-on: windows-latest steps: