Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update server-build.yml #37702

Closed
wants to merge 1 commit into from
Closed

Update server-build.yml #37702

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion .github/workflows/server-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -344,7 +344,11 @@ jobs:
git lfs pull ./server.jar
mv ./server.jar ../../../../../server.jar
cd ../../../../../
tar -xzvf ./server.jar
# tar -xzvf ./server.jar

- uses: actions/checkout@v2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Update actions/checkout to v4

The checkout action version v2 is outdated. Other steps in this workflow are using v4, which includes important security updates and performance improvements.

-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- uses: actions/checkout@v2
- uses: actions/checkout@v4
🧰 Tools
🪛 actionlint (1.7.4)

349-349: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

- name: Setup upterm session
uses: lhotari/action-upterm@v1
Comment on lines +350 to +351
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Restrict upterm session access

Adding unrestricted upterm session access to the workflow runner poses a security risk. Consider:

  1. Adding conditions to limit when the session is created (e.g., only on workflow failure)
  2. Restricting access to specific users or teams
       - name: Setup upterm session
+        if: failure()
         uses: lhotari/action-upterm@v1
+        with:
+          limit-access-to: appsmithorg/server-team
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Setup upterm session
uses: lhotari/action-upterm@v1
- name: Setup upterm session
if: failure()
uses: lhotari/action-upterm@v1
with:
limit-access-to: appsmithorg/server-team


# Restore the previous built bundle if present. If not push the newly built into the cache
- name: Restore the previous bundle
Expand Down
Loading