Commit Graph

17 Commits

Author SHA1 Message Date
f4cbbe6429 [chore](workflow) Fix security issues with pull_request_target (#26525)
In the workflow Code Checks, we use the event pull_request_target, which has write permission, to enable the actions to comment on our PRs. We should be careful with the write permission and must forbid running any user code. The previous PR #24761 tried its best to achieve this goal.
However, there is a scenario that was not considered (see #26494). #26494 attacks the workflow by way of a git submodule. This PR fixes this scenario by checking out the external action explicitly in the workflow.
2023-11-08 11:23:13 +08:00
e9ef6c7da7 [chore](workflow) Fix security issues in Code Checks (#24761)
The workflow `Code Checks` needs write permissions granted by the event `pull_request_target` to comment on pull requests. However, if the workflow ran users' code, the malicious code would do some dangerous actions on our repository.

The following changes are made in this PR:
1. Instead of applying patches, we use `sed` to modify the `entrypoint.sh` in action-sh-checker explicitly in the workflow.
2. Revoke the write permissions when generating `compile_commands.json` which is produced by executing the build script `build.sh`.
2023-09-22 10:39:39 +08:00
14163df429 [github](config) forbid shell check in pytest directory #24378 2023-09-15 10:15:08 +08:00
321281da90 [Chore](Sonar)Set C++ code detection to scheduled scheduling (#24388)
Set C++ code detection to scheduled scheduling
2023-09-14 20:55:35 +08:00
Pxl
55de937651 [Chore](check) fix NoSuchFileException: /github/workspace/build_Release/compile_commands.json (#24380)
fix NoSuchFileException: /github/workspace/build_Release/compile_commands.json
2023-09-14 18:12:23 +08:00
Pxl
3827549aba [Chore](checks) change SonarCloud Scan projectBaseDir to be to avoid include .java file (#24377)
change SonarCloud Scan projectBaseDir to be to avoid include .java file
2023-09-14 17:26:23 +08:00
Pxl
f303a99250 [Chore](checks) set compile_commands.json path on sonar cloud config (#24374)
set compile_commands.json path on sonar cloud config
2023-09-14 16:52:30 +08:00
Pxl
7b634d8817 [Chore](checks) fix SonarCloud Scan config define (#24370)
fix SonarCloud Scan config define
2023-09-14 16:17:52 +08:00
Pxl
c1b4e132d6 [Chore](checks) add sonar config on cde checks (#24367)
add sonar config on cde checks
2023-09-14 15:54:46 +08:00
Pxl
a68ed24d20 [Chore](workflow) add sonar cloud on cpp workflow (#24189)
add sonar cloud on cpp workflow
2023-09-14 15:14:05 +08:00
Pxl
3727483c06 [Chore](build) update ldb_toolchain to v0.18 (#20802)
* update ldb_toolchain to v0.18

* update
2023-06-14 18:38:35 +08:00
ed368d7f6c [chore](build) Ignore clucene checks (#19353) 2023-05-07 09:38:44 +08:00
Pxl
ec517a53a8 [Chore](build) upgrade clang-format version to 16 && move thrift to fe-common (#19155)
upgrade clang-format version to 16
move thrift to fe-common
fix core dump on pipeline engine when operator canceled and not prepared
2023-04-28 14:14:51 +08:00
463c287361 [chore](orc) Ignore apache-orc checks. (#18537) 2023-04-11 14:08:09 +08:00
ab9eb53049 [style](profile)Change Code-Checks Add Docker Dir (#16581)
---------

Co-authored-by: Yijia Su <suyijia@selectdb.com>
2023-02-10 09:19:52 +08:00
c9f66250a8 [docker](iceberg) add iceberg docker compose and modify scripts (#16175)
Add iceberg docker compose
Rename start-thirdparties-docker.sh to run-thirdparties-docker.sh and support start to stop specified components.
2023-01-29 14:31:27 +08:00
Pxl
484e9bcece [Chore](workflow) move clang-tidy to code-checks (#14758)
move clang-tidy to code-checks
2022-12-03 10:43:18 +08:00