You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To develop this, I cloned the repo and opened a PR from this repo into my fork. This is to ensure that the code properly works with PR from forked repo.
Here's the working PR. The working results are near the end. Things take up quite a bit of time because of small Actions error like syntaxes and stuff. However, I'm pretty satisfied with the result.
To test:
Fork this repo including this branch
Merge this branch into master and develop of the forked repo
Open a PR from this repo into the forked branch. Make sure that it has the correct criteria of an icon PR (PR title, svgs in the folder, entry in the devicon.json.
You can cherry-pick one of the following commits from the branch testing_files that I put in this repo. It should be 8ce746 for the valid one (you might need to edit the devicon.json file and remove testingicon1 and testingicon2) and 948acf3 for the invalid SVG.
Pretty much, if we use this workflow event, we have to make sure the files added is safe before we run the script. I don't think this is too bad but maybe you @amacado might have a different opinion?
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with this solution, but if you like to rework it feel free ;-) I'm pretty busy right now so I'm unable to test it in depth but from what I can see it should work. Although my heart is bleeding a little for those chained actions. It just not feeling right to have a separated workflow whichs only purpose is to comment the results of another workflow. And this has to be done even twice for each workflow.. Anyway: As long as it works and Github does not provide a more elegant way of solving this I'm glad you found a workaround :)
I'm pretty busy right now so I'm unable to test it in depth but from what I can see it should work.
No problem, sorry for mentioning you too often π . I'm also starting school again too so I wanted to get this done before I get swarmed.
Since there aren't any PR coming in (probably since people are getting back to work), I think I can take some time and upgrade it to the pull_request_target. However, this is only good if you don't mind the possible security risk.
With bot:peek, we can ensure that the files added are good. However, the check_svgs run on every PR before we can check it. Thus, if someone want to, they can just open a fraudulent PR and get our tokens. We can bypass this by making a special label for it or make it a part of the bot:peek action.
Otherwise, we can just keep it as it is. There's no rush cause we can't really use the workflow until we merge it into master anyway. We can do that for our next build or something.
@Thomas-Boi in my opinion this solution seems more secure than exposing the tokens (even if it's only the IMGUR secret). It should not be considered best practice to open the project for possible fraud. :) So feel free to merge it. We can also merge to master and get a new release pretty soon.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is to address this discussion and issue #478.
To develop this, I cloned the repo and opened a PR from this repo into my fork. This is to ensure that the code properly works with PR from forked repo.
Here's the working PR. The working results are near the end. Things take up quite a bit of time because of small Actions error like syntaxes and stuff. However, I'm pretty satisfied with the result.
To test:
devicon.json.testing_filesthat I put in this repo. It should be8ce746for the valid one (you might need to edit thedevicon.jsonfile and removetestingicon1andtestingicon2) and948acf3for the invalid SVG.