[FEATURE] Allow unofficial plugins to be installed #43

Closed
suda opened this issue Feb 28, 2021 · 5 comments · Fixed by #44
Labels
enhancement New feature or request

Comments

@suda
Contributor

suda commented Feb 28, 2021

There are many Prettier plugins that are not official (yet), like prettier-plugin-svelte. Unfortunately, trying to install it fails with:

Checking plugin: prettier-plugin-svelte
prettier-plugin-svelte does not seem to be a valid @prettier/plugin-x plugin. Exiting.

It would be great if other plugins could be installed as well :)

@suda suda added the enhancement New feature or request label Feb 28, 2021
@creyD
Owner

creyD commented Mar 1, 2021

@stemount @infotexture I think you have a deeper understanding of why we opted for the official plugins only in #22? Was this a security issue, or could we just open this up?

@infotexture
Contributor

@creyD IIRC, in #25 (comment) @stemount was concerned about the security implications of allowing unknown code to be run/installed in addition to the official plug-ins.

I get this restriction and am fine with the limitation, but I understand that others that rely on third-party plug-ins need a way to install them with an action.

Not sure how to best reconcile those concerns, but if nothing else, this may be a case for forking the action and dropping the restriction from the fork.

@suda
Contributor Author

suda commented Mar 12, 2021

That's what I did for now.

It is indeed tricky to solve. What if you'd have to explicitly pass something like allow_insecure_install: true parameter to clearly indicate that whatever goes in prettier_plugins will be passed straight to npm?

@creyD
Owner

creyD commented Apr 10, 2021

> That's what I did for now.
>
> It is indeed tricky to solve. What if you'd have to explicitly pass something like allow_insecure_install: true parameter to clearly indicate that whatever goes in prettier_plugins will be passed straight to npm?

Pretty good idea for the future. The unofficial plugins option will go live with version 4.0 as soon as the issues with #37 are resolved. Thanks a lot for your help, all of you!

@kevmo314

For anyone else who runs across this issue, there's an injection bug you can use to install your own plugins:

      - name: Prettify code
        uses: creyD/prettier_action@v3.3
        with:
          prettier_version: latest prettier-plugin-organize-imports typescript
          prettier_options: --write **/*.{ts,tsx,js,jsx,md}
          commit_message: "style: format with prettier"

So I suppose this is also a minor bug report for an injection bug on this line: https://github.com/creyD/prettier_action/blob/master/entrypoint.sh#L35
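
Added example (not part of the thread and not the action's own code): one way an entrypoint could reject the `prettier_version` value shown in the last comment and gate third-party plugins behind the `allow_insecure_install` flag proposed earlier in the thread. It assumes the inputs arrive as plain strings that end up on an `npm install` command line; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: input validation for a hypothetical entrypoint script.
# Function and variable names are assumptions, not taken from the action.
LC_ALL=C; export LC_ALL   # make the character ranges below byte-based

# Accept exactly one token: a dist-tag such as "latest" or a plain version.
valid_version() {
    case "$1" in
        ''|*[!A-Za-z0-9.+-]*) return 1 ;;  # empty, whitespace or other metacharacters
        -*) return 1 ;;                    # npm would parse it as an option
    esac
    return 0
}

# $1 = plugin spec, $2 = value of the proposed allow_insecure_install input
valid_plugin() {
    case "$1" in
        ''|-*|*[!a-z0-9@/._-]*) return 1 ;;   # options, URLs, paths with odd bytes
    esac
    case "$1" in
        @prettier/plugin-*) return 0 ;;       # official plugins are always allowed
    esac
    [ "$2" = "true" ] || return 1             # third-party needs the explicit opt-in
    case "$1" in
        prettier-plugin-*|@*/prettier-plugin-*) return 0 ;;
    esac
    return 1
}

# $1 = version, $2 = space-separated plugins, $3 = allow flag.
# Prints the validated npm argument list, or fails closed and prints nothing.
build_install_args() {
    valid_version "$1" || { echo "rejected prettier_version: $1" >&2; return 1; }
    args="prettier@$1"
    set -f                                    # no globbing while splitting $2
    for p in $2; do
        if ! valid_plugin "$p" "$3"; then
            set +f; echo "rejected plugin: $p" >&2; return 1
        fi
        args="$args $p"
    done
    set +f
    printf '%s\n' "$args"
}

# Constructed sample: the value from the workflow above is refused.
build_install_args "latest prettier-plugin-organize-imports typescript" "" false \
    || echo "install aborted"
```

Every token in the printed list has passed the character checks, so the caller can hand it to `npm install` without an extra package or option riding along in the version field.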
