mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-06-01 12:18:44 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: Address remaining CodeRabbit review comments

Browse Source 
- Fix invalid jq string filter syntax (missing quotes around interpolation)
- Add environment validation job in deploy.yml for workflow_call input
- Add fork detection guard in deploy-pr.yml to prevent fork PR deployments

Fixes:
- deploy.yml:183-184 - jq filter syntax error
- deploy.yml:31 - unvalidated environment input in reusable workflow
- deploy-pr.yml:5 - fork PR deployments blocked by pull_request_review restrictions
- deploy-pr.yml:168-200 - jq filter syntax errors
This commit is contained in:
Ollama
2026-05-15 09:57:03 +02:00
parent 2acfb4773e
commit 5827f60045
2 changed files with 29 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.github/workflows/deploy-pr.yml vendored
View File

@@ -17,7 +17,9 @@ jobs:
deploy-staging:
name: Deploy to staging
runs-on: ubuntu-latest
if: github.event.review.state == 'approved'
if: >
github.event.review.state == 'approved' &&
github.event.pull_request.head.repo.full_name == github.repository
environment:
name: staging
@@ -165,8 +167,8 @@ jobs:
STATE="${{ steps.webhook.outputs.status }}"
if [ "$STATE" = "success" ]; then
DESCRIPTION=$(jq -n --arg tag "$IMAGE_TAG" --arg pr "$PR_NUMBER" \
'Deployed PR #\($pr) (\($tag)) to staging')
DESCRIPTION=$(jq -nr --arg tag "$IMAGE_TAG" --arg pr "$PR_NUMBER" \
'"Deployed PR #\($pr) (\($tag)) to staging"')
gh api "repos/${GITHUB_REPOSITORY}/deployments/${{ steps.deployment.outputs.deployment_id }}/statuses" \
-X POST \
@@ -190,19 +192,11 @@ jobs:
STATUS: ${{ steps.webhook.outputs.status }}
run: |
if [ "$STATUS" = "success" ]; then
BODY=$(jq -n --arg tag "$IMAGE_TAG" --arg sha "$REF_SHA" --arg url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
'✅ **Staging deployment completed**
🔗 **URL**: https://dev.opensourcepos.org
📦 **Image Tag**: `\($tag)`
🔨 **Commit**: \($sha)
View logs: \($url)')
BODY=$(jq -nr --arg tag "$IMAGE_TAG" --arg sha "$REF_SHA" --arg url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
'"✅ **Staging deployment completed**\n\n🔗 **URL**: https://dev.opensourcepos.org\n📦 **Image Tag**: `\($tag)`\n🔨 **Commit**: \($sha)\n\nView logs: \($url)"')
else
BODY=$(jq -n --arg url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
'❌ **Staging deployment failed**
Check the [workflow logs](\($url)) for details.')
BODY=$(jq -nr --arg url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
'"❌ **Staging deployment failed**\n\nCheck the [workflow logs](\($url)) for details."')
fi
gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" \

22
.github/workflows/deploy.yml vendored
View File

@@ -39,8 +39,26 @@ permissions:
deployments: write
jobs:
validate-inputs:
name: Validate deployment inputs
runs-on: ubuntu-latest
steps:
- name: Validate environment
env:
TARGET_ENV: ${{ inputs.environment }}
run: |
set -euo pipefail
case "$TARGET_ENV" in
production|staging) ;;
*)
echo "::error::Invalid environment '$TARGET_ENV'. Expected 'production' or 'staging'."
exit 1
;;
esac
deploy:
name: Deploy to ${{ inputs.environment }}
needs: validate-inputs
runs-on: ubuntu-latest
environment:
@@ -180,8 +198,8 @@ jobs:
STATE="${{ steps.webhook.outputs.status }}"
if [ "$STATE" = "success" ]; then
DESCRIPTION=$(jq -n --arg tag "$IMAGE_TAG" --arg env "$TARGET_ENV" \
'Deployed image \($tag) to \($env)')
DESCRIPTION=$(jq -nr --arg tag "$IMAGE_TAG" --arg env "$TARGET_ENV" \
'"Deployed image \($tag) to \($env)"')
gh api "repos/${GITHUB_REPOSITORY}/deployments/${{ steps.deployment.outputs.deployment_id }}/statuses" \
-X POST \