Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Barebones workflow to trigger pre-commit github action #64

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Barebones workflow to trigger pre-commit github action #64

wants to merge 6 commits into from

Conversation

jdye64
Copy link
Collaborator

@jdye64 jdye64 commented Sep 9, 2024

Description

Barebones Github Action configuration to install and run pre-commit on the nv-ingest codebase

This closes: #63

Checklist

  • I am familiar with the Contributing Guidelines.
  • New or existing tests cover these changes.
  • The documentation is up to date with these changes.

jarmak-nv
jarmak-nv requested changes Sep 9, 2024
View reviewed changes
.github/workflows/pre-commit.yml Outdated
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
Copy link
Collaborator

@jarmak-nv jarmak-nv Sep 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should remove this line; it's vulnerable to script injection if someone opens a PR and names their repo in a malicious manner.

(I selected the wrong part - sorry! I mean L14 since it echos the repo name, but tbh we probably should just remove them all.)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Any user modifiable field is at risk of this, repo is probably the least likely but still something we shouldn't open ourselves to.)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Honestly I just copied this example from a silly little boilerplate example in their docs. I'll make some meaningful changes here shortly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jarmak-nv jarmak-nv jarmak-nv requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[FEA]: Enable Github Actions for pre-commit hooks
3 participants
@jdye64 @jarmak-nv @edknv