web: fix various XSS vulnerabilities #5178
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file is part of BOINC. | |
# http://boinc.berkeley.edu | |
# Copyright (C) 2023 University of California | |
# | |
# BOINC is free software; you can redistribute it and/or modify it | |
# under the terms of the GNU Lesser General Public License | |
# as published by the Free Software Foundation, | |
# either version 3 of the License, or (at your option) any later version. | |
# | |
# BOINC is distributed in the hope that it will be useful, | |
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
# See the GNU Lesser General Public License for more details. | |
# | |
# You should have received a copy of the GNU Lesser General Public License | |
# along with BOINC. If not, see <http://www.gnu.org/licenses/>. | |
name: Linux-MinGW | |
on: | |
push: | |
branches: [ master, 'client_release/**' ] | |
tags: [ 'client_release/**' ] | |
pull_request: | |
branches: [ master ] | |
schedule: | |
- cron: '0 0 * * *' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }} | |
AWS_DEFAULT_REGION: us-west-2 | |
jobs: | |
build: | |
name: ${{ matrix.type }}-build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
type: [libs-mingw, apps-mingw, apps-mingw-vcpkg, libs-mingw-cmake] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Check if build is running from origin repo | |
if: ${{ success() && env.AWS_ACCESS_KEY_ID != 0 && env.AWS_SECRET_ACCESS_KEY != 0 }} | |
run: | | |
echo "VCPKG_BINARY_SOURCES=clear;x-aws,s3://vcpkg.cache.boinc/,readwrite" >> $GITHUB_ENV | |
- name: Check if build is running from fork | |
if: ${{ success() && (env.AWS_ACCESS_KEY_ID == 0 || env.AWS_SECRET_ACCESS_KEY == 0) }} | |
run: | | |
echo "VCPKG_BINARY_SOURCES=clear;x-aws-config,no-sign-request;x-aws,s3://vcpkg.cache.boinc/,read" >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
sudo apt-get -qq update | |
sudo apt-get install -y mingw-w64 mingw-w64-tools mingw-w64-x86-64-dev mingw-w64-i686-dev tar curl zip unzip p7zip-full | |
- name: Make libs with mingw | |
if: success() && matrix.type == 'libs-mingw' | |
run: cd lib && MINGW=x86_64-w64-mingw32 make -f Makefile.mingw | |
- name: Make apps with mingw | |
if: success() && matrix.type == 'apps-mingw' | |
run: cd lib && MINGW=x86_64-w64-mingw32 make -f Makefile.mingw wrapper | |
- name: Install Powershell for vcpkg | |
if: success() && matrix.type == 'apps-mingw-vcpkg' | |
run: | | |
POWERSHELL_DEPS="wget apt-transport-https software-properties-common" | |
# Install pre-requisite packages of PowerShell | |
sudo apt install -y $POWERSHELL_DEPS doxygen | |
# Download the Microsoft repository GPG keys | |
VERSION=$(lsb_release -r -s) | |
wget -q https://packages.microsoft.com/config/ubuntu/$VERSION/packages-microsoft-prod.deb | |
# Register the Microsoft repository GPG keys | |
sudo dpkg -i packages-microsoft-prod.deb | |
# Update the list of packages after we added packages.microsoft.com | |
sudo apt update | |
# Install PowerShell | |
sudo apt install -y powershell | |
- name: Automake vcpkg and cmake | |
if: success() && (contains(matrix.type, 'vcpkg') || contains(matrix.type, 'cmake')) | |
run: ./_autosetup | |
- name: Configure mingw vcpkg apps | |
if: success() && matrix.type == 'apps-mingw-vcpkg' | |
run: | | |
mingw/ci_configure_apps.sh | |
- name: Configure libs with cmake vcpkg | |
if: success() && matrix.type == 'libs-mingw-cmake' | |
run: | | |
mingw/ci_configure_libs_cmake.sh | |
- name: Make mingw vcpkg apps | |
if: success() && matrix.type == 'apps-mingw-vcpkg' | |
run: | | |
mingw/ci_make_apps.sh | |
- name: Make for cmake | |
if: success() && endsWith(matrix.type, 'cmake') | |
run: | |
cmake --build build | |
- name: Prepare logs on failure | |
if: ${{ failure() }} | |
run: python ./deploy/prepare_deployment.py logs | |
- name: Upload logs on failure | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
with: | |
name: mingw_logs_${{ matrix.type }}_${{ github.event.pull_request.head.sha }} | |
path: deploy/logs.7z | |
- name: Prepare artifacts for deploy | |
if: success() && ! contains(matrix.type, 'libs') | |
run: python ./deploy/prepare_deployment.py win_${{ matrix.type }} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
if: ${{! contains(matrix.type, 'libs')}} | |
with: | |
name: win_${{ matrix.type }}_${{ github.event.pull_request.head.sha }} | |
path: deploy/win_${{ matrix.type }}.7z |