Fix CVE-2022-0529 and CVE-2022-0530 for unzip :3.0 #35147
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) Microsoft Corporation. | |
# Licensed under the MIT License. | |
name: Check Package CGManifests | |
on: | |
push: | |
branches: [main, dev, 1.0*, 2.0*, 3.0*, fasttrack/*] | |
pull_request: | |
branches: [main, dev, 1.0*, 2.0*, 3.0*, fasttrack/*] | |
jobs: | |
build: | |
name: Check Package CGManifests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
# This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond | |
- name: Define missing rpm macros | |
run: | | |
[[ -n $(rpm --eval '%bcond test 1') ]] && echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros | |
- name: Get base commit for PRs | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
git fetch origin ${{ github.base_ref }} | |
echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV | |
echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" | |
- name: Get base commit for Pushes | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
git fetch origin ${{ github.event.before }} | |
echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV | |
echo "Merging ${{ github.sha }} into ${{ github.event.before }}" | |
- name: Get the changed files | |
run: | | |
echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'" | |
changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; }) | |
echo "Files to validate: '${changed_specs}'" | |
echo "updated-specs=$(echo ${changed_specs})" >> $GITHUB_ENV | |
- name: Check each spec | |
run: | | |
.github/workflows/overwrite_shell_link.sh | |
.github/workflows/validate-cg-manifest.sh ${{ env.updated-specs }} |