Merge 264c4e8b40 into 4da57bd76c

fix: permissions of validate pipelines (#1316 )
* Fix permission in validate-filenames pipeline * Run Github Actions for script validation on pull_request_target with right permissions
2025-01-25 18:16:17 +00:00 · 2025-01-07 21:50:45 +01:00 · 2025-01-07 20:34:37 +01:00 · 2025-01-06 16:05:26 +02:00 · 2025-01-05 14:19:43 +02:00
5 changed files with 55 additions and 13 deletions
--- a/.github/workflows/validate-filenames.yml
+++ b/.github/workflows/validate-filenames.yml
@ -1,23 +1,36 @@
 name: Validate filenames
 on:
-  pull_request:
+  pull_request_target:
    paths:
      - "ct/*.sh"
      - "install/*.sh"
      - "json/*.json"
      - ".github/workflows/validate-filenames.yml"
 jobs:
  check-files:
    name: Check changed files
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Get pull request information
        uses: actions/github-script@v7
        id: pr
        with:
          script: |
            const { data: pullRequest } = await github.rest.pulls.get({
              ...context.repo,
              pull_number: context.payload.pull_request.number,
            });
            return pullRequest;
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Ensure the full history is fetched for accurate diffing
          ref: ${{ fromJSON(steps.pr.outputs.result).merge_commit_sha }}
      - name: Get changed files
        id: changed-files
--- a/.github/workflows/validate-formatting.yaml
+++ b/.github/workflows/validate-formatting.yaml
@ -4,11 +4,10 @@ on:
  push:
    branches:
      - main
-  pull_request:
+  pull_request_target:
    paths:
      - "**/*.sh"
      - "**/*.func"
      - ".github/workflows/validate-formatting.yaml"
 jobs:
  shfmt:
@ -18,10 +17,22 @@ jobs:
      pull-requests: write
    steps:
      - name: Get pull request information
        uses: actions/github-script@v7
        id: pr
        with:
          script: |
            const { data: pullRequest } = await github.rest.pulls.get({
              ...context.repo,
              pull_number: context.payload.pull_request.number,
            });
            return pullRequest;
      - name: Checkout code
        uses: actions/checkout@v4
        with:
-          fetch-depth: 0
+          fetch-depth: 0 # Ensure the full history is fetched for accurate diffing
          ref: ${{ fromJSON(steps.pr.outputs.result).merge_commit_sha }}
      - name: Get changed files
        id: changed-files
--- a/.github/workflows/validate-scripts.yml
+++ b/.github/workflows/validate-scripts.yml
@ -3,11 +3,10 @@ on:
  push:
    branches:
      - main
-  pull_request:
+  pull_request_target:
    paths:
      - "ct/*.sh"
      - "install/*.sh"
      - ".github/workflows/validate-scripts.yml"
 jobs:
  check-scripts:
@ -17,10 +16,22 @@ jobs:
      pull-requests: write
    steps:
      - name: Get pull request information
        uses: actions/github-script@v7
        id: pr
        with:
          script: |
            const { data: pullRequest } = await github.rest.pulls.get({
              ...context.repo,
              pull_number: context.payload.pull_request.number,
            });
            return pullRequest;
      - name: Checkout code
        uses: actions/checkout@v4
        with:
-          fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }}
+          fetch-depth: 0 # Ensure the full history is fetched for accurate diffing
          ref: ${{fromJSON(steps.pr.outputs.result).merge_commit_sha}}
      - name: Set execute permission for .sh files
        run: |
--- a/ct/actualbudget.sh
+++ b/ct/actualbudget.sh
@ -34,11 +34,16 @@ function update_script() {
    fi
    msg_info "Updating ${APP}"
    systemctl stop actualbudget.service
    RELEASE=$(curl -s https://api.github.com/repos/actualbudget/actual-server/tags | jq --raw-output '.[0].name')
    TEMPD="$(mktemp -d)"
    cd "${TEMPD}"
    wget -q https://codeload.github.com/actualbudget/actual-server/legacy.tar.gz/refs/tags/${RELEASE} -O - | tar -xz
    mv actualbudget-actual-server-*/* /opt/actualbudget/
    cd /opt/actualbudget
    git pull &>/dev/null
    yarn install &>/dev/null
    systemctl start actualbudget.service
-    msg_ok "Successfully Updated ${APP}"
+    msg_ok "Successfully Updated ${APP} to ${RELEASE}"
    rm -rf "${TEMPD}"
    exit
 }
--- a/install/actualbudget-install.sh
+++ b/install/actualbudget-install.sh
@ -35,8 +35,10 @@ $STD apt-get install -y nodejs
 $STD npm install --global yarn
 msg_ok "Installed Node.js"
-msg_info "Installing Actual Budget"
+RELEASE=$(curl -s https://api.github.com/repos/actualbudget/actual-server/tags | jq --raw-output '.[0].name')
-$STD git clone https://github.com/actualbudget/actual-server.git /opt/actualbudget
+msg_info "Installing Actual Budget $RELEASE"
 wget -q https://codeload.github.com/actualbudget/actual-server/legacy.tar.gz/refs/tags/${RELEASE} -O - | tar -xz
 mv actualbudget-actual-server-* /opt/actualbudget
 mkdir -p /opt/actualbudget/server-files
 chown -R root:root /opt/actualbudget/server-files
 chmod 755 /opt/actualbudget/server-files
Author	SHA1	Message	Date
Spyros Roum	221de81657	Merge `264c4e8b40` into `4da57bd76c`	2025-01-07 21:50:45 +01:00
Sébastiaan	4da57bd76c	fix: permissions of validate pipelines (#1316 ) Some checks are pending Create Changelog Pull Request / update-changelog-pull-request (push) Waiting to run Details Shellcheck / Shellcheck (push) Waiting to run Details Validate script formatting / Check changed files (push) Waiting to run Details Validate scripts / Check changed files (push) Waiting to run Details * Fix permission in validate-filenames pipeline * Run Github Actions for script validation on pull_request_target with right permissions	2025-01-07 20:34:37 +01:00
Spyros Roum	264c4e8b40	Use tarballs for actualbudget install/update	2025-01-06 16:05:26 +02:00
Spyros Roum	693ae94e7d	Install/update ActualBudget based on releases, not latest main	2025-01-05 14:19:43 +02:00