* docs: add design for manifest path traversal fix
* docs: add implementation plan for manifest path traversal fix
* fix: confine manifest paths to workspace
moveFileToTmpDir previously used path.join(tempDirectory, originalFilepath),
which normalizes ../ sequences. A manifests input containing a traversal
sequence caused the action to read .yaml/.yml files from outside the
workspace and write copies outside RUNNER_TEMP. Directory inputs made
this stronger because recurisveManifestGetter enumerated YAML files
under the traversed directory.
Add assertPathWithinWorkspace, which resolves symlinks via realpathSync
and rejects any path not contained in GITHUB_WORKSPACE. Apply it in
getFilesFromDirectoriesAndURLs before lstat / readdir / file inclusion.
Rewrite moveFileToTmpDir to use a basename-only destination under
RUNNER_TEMP with a getCurrentTime() uniquifier to avoid collisions,
matching the safer pattern already used by getNewTempManifestFileName.
* fix: handle errors in writeYamlFromURLToFile
The https.get callback was marked async without any await, which caused
thrown errors to be silently swallowed as floating promise rejections.
There were no error listeners on the response stream or the file
writer, so socket or disk errors hung the promise instead of rejecting
it. On HTTP status >= 400 the function called reject but then fell
through and opened a write stream anyway.
Drop the misleading async, return after rejecting HTTP errors, drain
the response, and add error listeners on both streams. Wrap the string
verification error in new Error so stack traces are preserved.
* fix: harden verifyYaml and warn on unset GITHUB_WORKSPACE
Two follow-ups from review of the path-traversal series:
verifyYaml is called inside writeYamlFromURLToFile's finish listener.
If the body parsed to a null YAML document (e.g. "---" or a multi-doc
file with a trailing separator), the loop dereferenced obj.kind on
null and threw. Because the throw happened inside an EventEmitter
listener attached to a WriteStream rather than the Promise executor,
it was not routed to reject, so the promise hung. Wrap the finish
body in try/catch and add a null guard inside verifyYaml.
assertPathWithinWorkspace previously returned silently when
GITHUB_WORKSPACE was unset. In a real Action run the runner always
sets it, so unset is a signal that something is wrong with the
environment, not "skip the security check". Emit core.warning so a
misconfigured self-hosted runner does not lose the containment
protection without notice.
* test: realpath both sides of dirname comparison
On macOS, RUNNER_TEMP under /var/folders/... resolves through a
/private symlink. moveFileToTmpDir builds its destination from the
raw RUNNER_TEMP, so comparing path.dirname(out) directly with
realpathSync(tmpDir) would fail on macOS. Normalize both sides.
* fix: resolve relative manifest paths against workspace and clean up URL temp files
Address two Copilot review comments on PR #528:
- assertPathWithinWorkspace now resolves relative inputPath values
against the realpathed GITHUB_WORKSPACE instead of process.cwd().
Previously a step that changed CWD could cause unexpected
rejections (or false acceptances) for relative manifests inputs.
Absolute paths are still passed through and validated unchanged.
- writeYamlFromURLToFile now unlinks the partial temp file on any
rejection that occurs after the write stream is created
(writer error, response error, verification failure, sync throw
in verify). The success path still resolves without unlinking.
Pre-stream request errors leave nothing to clean up.
Tests added: a workspace-relative resolution test that deliberately
chdirs elsewhere, plus two cleanup-assertion tests covering
verification-failure and mid-stream response error.
* Migrate build toolchain from ncc/Jest to esbuild/Vitest
Replace the legacy ncc/Jest/Babel build stack with a modern ESM toolchain:
Build:
- Replace @vercel/ncc with esbuild (--platform=node --target=node20 --format=esm)
- Add createRequire banner for CJS interop in ESM bundle
- Add "type": "module" to package.json
- Add tsc --noEmit typecheck script (esbuild strips types without checking)
- Add typecheck to husky pre-commit hook
Dependencies:
- Bump @actions/core@3, exec@3, io@3, tool-cache@4 (ESM-only)
- Replace jest/ts-jest/@babel/* with vitest@4
Tests:
- Convert 29 test files: jest.fn()→vi.fn(), jest.mock()→vi.mock(), jest.spyOn()→vi.spyOn()
- Fix vitest 4 compat: mockImplementation requires args, mock call tracking, await .rejects
CI:
- Update build step from ncc build → npm run build
- Update composite action to use npm run build
* Switch tsconfig to NodeNext module resolution
Change module/moduleResolution from ES2022/bundler to NodeNext/NodeNext
and target from ES2022 to ES2020.
- Add .js extensions to all relative imports across 59 source/test files
(required by NodeNext module resolution)
- Add vitest/globals to tsconfig types array for global test API declarations
* Ensure the kubectl is configured with a default namespace, and override it on the deployment resource
* Provide a helper method to get the namespace of a resource but fallback to the default if unavailable
* Ensure error messages display the correct namespace
* Enhance manifest stability with detailed error reporting and logging
* Enhance manifest stability with detailed error reporting and logging
* Refactored the getContainerErrors Function to enhance readability
* Added an early return for the getContainerErrors function
* Eliminated redundant conditionals
---------
Co-authored-by: benjamin <145829787+benjaminbob21@users.noreply.github.com>
Co-authored-by: Suneha Bose <123775811+bosesuneha@users.noreply.github.com>
Co-authored-by: David Gamero <david340804@gmail.com>
* Added timeout to the rollout status and tests for it
* Fixed integration test errors
* Fix for blue green integration test
* Probable fix for integration errors
* No jobs run error fixed
* Changed timeout to file level constant
* Added parsing logic for timeout
* Made tests more concise
* implemented timeout validation check in an extracted utils mod
* Changed function name to parseDuration
* Removed timeout parameter from getResource
---------
Co-authored-by: David Gamero <david340804@gmail.com>
Co-authored-by: Suneha Bose <123775811+bosesuneha@users.noreply.github.com>
* changed ubuntu runner
* changed minikube action
* Version formatting
* nonedriveR
* update kube version
* installing conntrack'
* updated other actions
* update bg ingress api version
* prettify
* updated ingress backend for new api version
* Added path type
* prettify
* added logging
* added try catch logic to prevent future failures if annotations fail since failing annotations shouldn't affect users
* added nullcheck
* Added fallback filename if workflow fails to get github filepath due to runner issues
* cleanup
* added oliver's feedback + unit test demonstrating regex glitch and fix
* no longer using blank string for failed regex
* add tests and dont split so much
* testing
* file fix
* without fix
* Revert "without fix"
This reverts commit 8da79a81904db93da579a82a2c93818ef4cb37ab.
* fixing labels test
* pretty
* refactored getting tmp filename to use entire path, and refactored private to use filepath relative to tmp dir
* wip
* merging master
* this should fail
* added UTs
* restructured plus UTs plus debug logs
* resolved dir not existing and UTs
* cleanup
* no silent failure
* Reverting private logic
* this might work
* root level files for temp... bizarre issue
* need to actually write contents
* no more cwdir
* moving everything out of temp
* deleting unused function
* supporting windows filepaths for private cluster shallow path generation
---------
Co-authored-by: David Gamero <david340804@gmail.com>
* changed ubuntu runner
* changed minikube action
* Version formatting
* nonedriveR
* update kube version
* installing conntrack'
* updated other actions
* update bg ingress api version
* prettify
* updated ingress backend for new api version
* Added path type
* prettify
* added logging
* added try catch logic to prevent future failures if annotations fail since failing annotations shouldn't affect users
* added nullcheck
* Added fallback filename if workflow fails to get github filepath due to runner issues
* cleanup
* added oliver's feedback + unit test demonstrating regex glitch and fix
* no longer using blank string for failed regex
* add tests and dont split so much
* testing
* file fix
* without fix
* Revert "without fix"
This reverts commit 8da79a81904db93da579a82a2c93818ef4cb37ab.
* fixing labels test
* pretty
---------
Co-authored-by: David Gamero <david340804@gmail.com>
In Typescript/Javascript an empty string split on newline is going to
produce an array with an empty string.
=> "".split('\n')
[""]
This causes the action to produce a warning, unless `pull-images` is set
to false.
Failed to get dockerfile path for image : Error: The process '/usr/bin/docker' failed with exit code 1
Filtering the list to remove any zero-length strings from the array
solves this issue.
Signed-off-by: Morten Linderud <morten.linderud@nrk.no>
* Make annotating resources optional
* Clarify descriptions
* Update README
* Refactor retrieving pods
* Remove annotating resources check in deploy.ts
* Add resource annotation integration test
* Move resource annotation integration test to seperate file
* Lint code
* Remove temporary debugging statements
* Fix integration test name
* Fix test
* Abstracting out repeated logic between verifyDeployment and verifyService
* Fix formattin
* Fix reference
* Fix test
* Refactor test
* Update ubuntu version to latest on canary SMI test
* Update ubuntu version to latest on canary SMI test
* Make annotating resources optional
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Clarify descriptions
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Update README
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Refactor retrieving pods
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Remove annotating resources check in deploy.ts
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Add resource annotation integration test
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Move resource annotation integration test to seperate file
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Lint code
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Remove temporary debugging statements
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Fix integration test name
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Fix test
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Abstracting out repeated logic between verifyDeployment and verifyService
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Fix formattin
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Fix reference
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Fix test
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Refactor test
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Update ubuntu version to latest on canary SMI test
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
---------
Signed-off-by: Bram de Hart <bram.dehart@nsgo.nl>
* Check for error from Azure
Move the error check for Azure earlier, so that a well defined error is
thrown on error instead of a JSONSyntax error.
The issue is that when Azure returns an error, like when there's an
issue with the access to the principal used. When this happens, the
stdout field will be an empty string, and the error message will be set.
* Restore check for deserialized exitCode
* changed ubuntu runner
* changed minikube action
* Version formatting
* nonedriveR
* update kube version
* installing conntrack'
* updated other actions
* update bg ingress api version
* prettify
* updated ingress backend for new api version
* Added path type
* prettify
* added logging
* added try catch logic to prevent future failures if annotations fail since failing annotations shouldn't affect users
* added nullcheck
* Added fallback filename if workflow fails to get github filepath due to runner issues
* cleanup
* added oliver's feedback + unit test demonstrating regex glitch and fix
* no longer using blank string for failed regex
* First commit - made manifests for test deployments, made manifests for i tests for other deployment strategies
* broke down blue/green
* added latest tags to test manifests for new tags
* remade tester
* ready to test bgi
* using all but first index of argv
* careless error with dicts
* added test to namespace
* realized i was silencing error
* indexing containers
* keyerror
* logging bc python errors are weird
* expected still string
* parsed args behaving weirdly
* test seems to be working now, applying changes to other YAMLs now
* blue/green ready to test
* oops
* oops
* Added additional labels to check
* hyphen
* Added our annotations
* lol
* added our labels to services too
* nonetype issue'
* nonetype issue'
* narrowing down parameter
* fixed annotations issue with promote
* adding debhug statement to figure out why services aren't getting annotations
* this should fix annotations issue for service
* not sure why this wasn't caught by intellisense
* should be fixed with removing comma but adding logs in case
* added linkerd install
* verification
* upgraded kubernetes version
* removing crds
* proxy option
* Added smi extension
* logging service
* smi svcs also getting labeled now
* matching ts type
* not sure where stable service is going
* remaining svc and deployment should match
* keeping stable service and ts object
* updated tests to reflect keeping ts object
* no green svc after promote
* duh
* lol
* canary work
* canary test ready
* logging for ing, filename for canary
* changed ingress svc key and returning svc files from smi canary deployment
* ts name
* forgot about baseline in first deploy
* *
* *
* smi canary should annotate, fixed cleanup
* typescript issue plus percentage
* forgot to type extra method
* removed cleaned up objects from annotate list
* logging because services aren't getting removed
* moving to try/catch strategy of annotation since deletion can fail silently/with warnings
* moved label to individual
* removing canary service check after promote
* pod ready for testing
* set weights to 1000
* selectors
* *
* percentage
* *
* typing
* mixed up pod and smi
* fixed tests
* prettier
* forgot to remove canary
* cleanup
* Added oliver's feedback + more cleanup
* ncc as dev dependency
* npx
* going back to global ncc install bc npm is being weird
* prettier
* removed unnecessary post step
* Added some tests, not sure what else to try but gonna think of more examples
* forgot some files
* reverted package-lock.json
* Added empty dir test
* Cleaned up some extra spaces
* Add node modules and compiled JavaScript from main
* forgot to actually include functionality
* removed unnecessary files
* Update .gitignore
* Update .gitignore
* Update .gitignore
* thx david
* renamed searchFilesRec
* integrations test fix
* added examples to README
* added note about depth
* added additional note
* removed ticks
* changed version string
* removed conflict on readme
* Added tests for bluegreen helper and resolved issue with ingress not being read correctly, still have to figure out why new services aren't showing up
* resolved services name issue
* looks functional, beginning refactor now
* refactored deploy methods for type error
* Removed refactor comments
* prettier
* implemented Oliver's feedback
* prettier
* added optional chaining operator
* removed refactor comment
Co-authored-by: Jaiveer Katariya <jaiveerkatariya@Jaiveers-MacBook-Pro.local>
Co-authored-by: Oliver King <oking3@uncc.edu>
Co-authored-by: Jaiveer Katariya <jaiveerkatariya@Jaiveers-MBP.lan>
