From 8fe08d70ee0a53bde01d6fb390b673e31fc3fb6c Mon Sep 17 00:00:00 2001
From: sayakpaul
Date: Mon, 26 May 2025 09:37:01 -0700
Subject: [PATCH 1/3] fix security issue in build docker ci
---
 .github/workflows/build_docker_images.yml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml
index b73faea231dc..be0f828a30f3 100644
--- a/.github/workflows/build_docker_images.yml
+++ b/.github/workflows/build_docker_images.yml
@@ -40,13 +40,7 @@ jobs:
 - name: Build Changed Docker Images
 run: |
 CHANGED_FILES="${{ steps.file_changes.outputs.all }}"
- for FILE in $CHANGED_FILES; do
- # skip anything that isn’t still on disk
- if [[ ! -f "$FILE" ]]; then
- echo "Skipping removed file $FILE"
- continue
- fi
-
+ for FILE in $CHANGED_FILES; do
 if [[ "$FILE" == docker/*Dockerfile ]]; then
 DOCKER_PATH="${FILE%/Dockerfile}"
 DOCKER_TAG=$(basename "$DOCKER_PATH")
From 7b4d578a7535a8972765319a54cb228d0257037b Mon Sep 17 00:00:00 2001
From: sayakpaul
Date: Mon, 26 May 2025 09:45:42 -0700
Subject: [PATCH 2/3] better
---
 .github/workflows/build_docker_images.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml
index be0f828a30f3..cb755df6918f 100644
--- a/.github/workflows/build_docker_images.yml
+++ b/.github/workflows/build_docker_images.yml
@@ -38,8 +38,10 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Build Changed Docker Images
+ env:
+ CHANGED_FILES: ${{ steps.file_changes.outputs.all }}
 run: |
- CHANGED_FILES="${{ steps.file_changes.outputs.all }}"
+ echo "$CHANGED_FILES"
 for FILE in $CHANGED_FILES; do
 if [[ "$FILE" == docker/*Dockerfile ]]; then
 DOCKER_PATH="${FILE%/Dockerfile}"
From bce37d2a522fa96d55ce4c07a8c9220d2bbbbf90 Mon Sep 17 00:00:00 2001
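Review bot: The loop header `for FILE in $CHANGED_FILES; do`, kept as context right after the new `echo "$CHANGED_FILES"` in 2/3, still expands the list unquoted, so any glob character in a changed path is matched against the checkout and the loop can receive names that were never in the list. Passing the value through `env:` keeps it out of the script text, but pathname expansion should be switched off as well, e.g. `set -f  # names come from the change list: split on whitespace only, never glob` on the line before the loop. The same loop header is rewritten in 1/3 and 3/3 without this. The `run:` script continues below the hunk, so how `DOCKER_PATH` and `DOCKER_TAG` are used later is not visible here.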
From: sayakpaul
Date: Mon, 26 May 2025 09:52:16 -0700
Subject: [PATCH 3/3] update
---
 .github/workflows/build_docker_images.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml
index cb755df6918f..838f241ddc7d 100644
--- a/.github/workflows/build_docker_images.yml
+++ b/.github/workflows/build_docker_images.yml
@@ -42,7 +42,12 @@ jobs:
 CHANGED_FILES: ${{ steps.file_changes.outputs.all }}
 run: |
 echo "$CHANGED_FILES"
- for FILE in $CHANGED_FILES; do
+ for FILE in $CHANGED_FILES; do
+ # skip anything that isn't still on disk
+ if [[ ! -f "$FILE" ]]; then
+ echo "Skipping removed file $FILE"
+ continue
+ fi
 if [[ "$FILE" == docker/*Dockerfile ]]; then
 DOCKER_PATH="${FILE%/Dockerfile}"
 DOCKER_TAG=$(basename "$DOCKER_PATH")
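Review bot: Nothing at the restored `if [[ ! -f "$FILE" ]]; then` block records why the check that 1/3 deleted is safe to bring back, which invites a later edit to return to an inline expression. A comment above the loop would cover it: `# FILE comes from the env-mapped CHANGED_FILES; keep workflow expressions out of this script`. The comment should not spell out the expression itself, because expressions inside a `run:` block are substituted before the shell runs, even within shell comments. The loop body continues past the end of the hunk.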