Security + a bit more tweaking

ichard26 · Jan 14, 2022 · 3d0c8c9 · 3d0c8c9
1 parent a963292
commit 3d0c8c9
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 16 deletions.
diff --git a/.github/workflows/diff_shades.yml b/.github/workflows/diff_shades.yml
@@ -3,10 +3,10 @@ name: diff-shades
 on:
  push:
  branches: [main]
- paths-ignore: ["docs/**", "tests/**", "*.md"]
+ paths-ignore: ["docs/**", "tests/**", "**.md", "**.rst"]
 
  pull_request:
- path-ignore: ["docs/**", "tests/**", "*.md"]
+ path-ignore: ["docs/**", "tests/**", "**.md", "**.rst"]
 
  workflow_dispatch:
  inputs:

diff --git a/.github/workflows/diff_shades_comment.yml b/.github/workflows/diff_shades_comment.yml
@@ -31,15 +31,15 @@ jobs:
  - name: Try to find pre-existing PR comment
  if: steps.metadata.outputs.needs-comment == 'true'
  id: find-comment
- uses: peter-evans/find-comment@v1
+ uses: peter-evans/find-comment@d2dae40ed151c634e4189471272b57e76ec19ba8
  with:
  issue-number: ${{ steps.metadata.outputs.pr-number }}
  comment-author: "github-actions[bot]"
  body-includes: "diff-shades"
 
  - name: Create or update PR comment
  if: steps.metadata.outputs.needs-comment == 'true'
- uses: peter-evans/create-or-update-comment@v1
+ uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae
  with:
  comment-id: ${{ steps.find-comment.outputs.comment-id }}
  issue-number: ${{ steps.metadata.outputs.pr-number }}

diff --git a/scripts/diff_shades_gha_helper.py b/scripts/diff_shades_gha_helper.py
@@ -23,7 +23,7 @@
 import zipfile
 from io import BytesIO
 from pathlib import Path
-from typing import Any, Dict, Optional, Tuple
+from typing import Any, Optional, Tuple
 
 import click
 import urllib3
@@ -55,19 +55,16 @@ def set_output(name: str, value: str) -> None:
  print(f"::set-output name={name}::{value}")
 
 
-def http_get(
- url: str,
- is_json: bool = True,
- headers: Optional[Dict[str, str]] = None,
- **kwargs: Any,
-) -> Any:
- headers = headers or {}
+def http_get(url: str, is_json: bool = True, **kwargs: Any) -> Any:
+ headers = kwargs.get("headers") or {}
  headers["User-Agent"] = USER_AGENT
  if "github" in url:
  if GH_API_TOKEN:
  headers["Authorization"] = f"token {GH_API_TOKEN}"
  headers["Accept"] = "application/vnd.github.v3+json"
- r = http.request("GET", url, headers=headers, **kwargs)
+ kwargs["headers"] = headers
+
+ r = http.request("GET", url, **kwargs)
  if is_json:
  data = json.loads(r.data.decode("utf-8"))
  else:
@@ -244,9 +241,9 @@ def comment_details(run_id: str) -> None:
  pr_number = pulls[0]["number"]
  set_output("pr-number", str(pr_number))
 
- jobs_data = http_get(data["jobs_url"])
- assert len(jobs_data["jobs"]) == 1, "multiple jobs not supported nor tested"
- job = jobs_data["jobs"][0]
+ jobs = http_get(data["jobs_url"])["jobs"]
+ assert len(jobs) == 1, "multiple jobs not supported nor tested"
+ job = jobs[0]
  steps = {s["name"]: s["number"] for s in job["steps"]}
  diff_step = steps[DIFF_STEP_NAME]
  diff_url = job["html_url"] + f"#step:{diff_step}:1"