This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-actions.git
The following commit(s) were added to refs/heads/main by this push:
new b9819f8 Add more input validation to the upload action
b9819f8 is described below
commit b9819f85624ebe71db74d67f8a1f48cc962f83a8
Author: Sean B. Palmer <[email protected]>
AuthorDate: Thu Nov 20 10:52:46 2025 +0000
Add more input validation to the upload action
---
upload-to-atr/action.yml | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/upload-to-atr/action.yml b/upload-to-atr/action.yml
index 4b05690..25ad0eb 100644
--- a/upload-to-atr/action.yml
+++ b/upload-to-atr/action.yml
@@ -72,11 +72,24 @@ runs:
shell: bash
run: |
set -euxo pipefail
+ if ! [[ "${INPUTS_SSH_PORT}" =~ ^[0-9]+$ ]]
+ then
+ echo "::error::ssh-port must be an integer"
+ exit 1
+ fi
+ : "${INPUTS_PROJECT:?project is required}"
+ : "${INPUTS_VERSION:?version is required}"
+ if [[ -z "${INPUTS_SRC}" ]]
+ then
+ echo "::error::src cannot be empty"
+ exit 1
+ fi
command -v rsync > /dev/null || { sudo apt-get update -y && sudo
apt-get install -y rsync; }
src="${INPUTS_SRC}"
case "$src" in */) ;; *) src="$src/";; esac
rsync -av \
-e "ssh -p ${INPUTS_SSH_PORT} -i $SSH_PRIVATE_KEY_PATH -o
StrictHostKeyChecking=accept-new" \
+ -- \
"$src"
"github@${INPUTS_ATR_HOST}:/${INPUTS_PROJECT}/${INPUTS_VERSION}/"
env:
INPUTS_SRC: ${{ inputs.src }}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
