[IMPORTANT/bp/1.28] Multiple CVEs #14673
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Command | |
| # NB: **ALL** commands should be permissionless and only use an app token or relevant secrets | |
| # specific to their requirements! | |
| permissions: | |
| contents: read | |
| on: | |
| issue_comment: | |
| types: | |
| - created | |
| env: | |
| CI_DEBUG: ${{ vars.CI_DEBUG }} | |
| jobs: | |
| # For speed and _security_ only a single command (first matching) will be parsed/run from a comment | |
| command: | |
| name: Parse and run command | |
| runs-on: ubuntu-22.04 | |
| if: >- | |
| ${{ | |
| github.event.issue.pull_request | |
| && (vars.ENVOY_CI | |
| || github.repository == 'envoyproxy/envoy') | |
| && github.actor != 'repokitteh-read-only[bot]' | |
| && github.actor != 'dependabot[bot]' | |
| }} | |
| steps: | |
| - uses: envoyproxy/toolshed/gh-actions/github/command@actions-v0.2.35 | |
| name: Parse command from comment | |
| id: command | |
| with: | |
| text: ${{ github.event.comment.body }} | |
| matching: >- | |
| ^/(retest) | |
| # /retest | |
| - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.35 | |
| if: ${{ steps.command.outputs.command == 'retest' }} | |
| id: appauth-retest | |
| name: Appauth (retest) | |
| with: | |
| key: ${{ secrets.ENVOY_CI_APP_KEY }} | |
| app_id: ${{ secrets.ENVOY_CI_APP_ID }} | |
| - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.2.35 | |
| if: ${{ steps.command.outputs.command == 'retest' }} | |
| name: Retest | |
| with: | |
| token: ${{ steps.appauth-retest.outputs.token }} | |
| azp_org: cncf | |
| azp_token: ${{ secrets.AZP_TOKEN }} | |
| comment-id: ${{ github.event.comment.id }} | |
| pr-url: ${{ github.event.issue.pull_request.url }} | |
| args: ${{ steps.command.outputs.args }} | |
| app-owner: ci-envoy |