resideo / actions Goto Github PK
View Code? Open in Web Editor NEWCollection of GitHub Actions for Resideo projects
Collection of GitHub Actions for Resideo projects
It seems that Github Token is required even if user requests no github comment to be added.
This is not a huge issue in most cases, but still adds a bit complexity and makes it harder to run locally. Also the error message is not the clearest.
Error: Parameter token or opts.auth is required
| at Object.getAuthString (/run/act/actions/resideo-actions-twistlock@518f3232f66fc45b1d74ccec9dcfffe664df67ba/twistlock/dist/index.js:1:49929)
| at Object.getOctokitOptions (/run/act/actions/resideo-actions-twistlock@518f3232f66fc45b1d74ccec9dcfffe664df67ba/twistlock/dist/index.js:1:51407)
| at Object.getOctokit (/run/act/actions/resideo-actions-twistlock@518f3232f66fc45b1d74ccec9dcfffe664df67ba/twistlock/dist/index.js:1:49117)
| at /run/act/actions/resideo-actions-twistlock@518f3232f66fc45b1d74ccec9dcfffe664df67ba/twistlock/dist/index.js:21:394441
| at /run/act/actions/resideo-actions-twistlock@518f3232f66fc45b1d74ccec9dcfffe664df67ba/twistlock/dist/index.js:21:394882
| at Object. (/run/act/actions/resideo-actions-twistlock@518f3232f66fc45b1d74ccec9dcfffe664df67ba/twistlock/dist/index.js:21:394921)
It looks like it should be enough to make this initialization conditional in index.ts
const token = core.getInput("token") === "" ? process.env.GITHUB_TOKEN || "" : core.getInput("token"); const octokit = github.getOctokit(token);
Unless it's really used for something else than github comment, then of course it makes sense to keep it as it is.
I'm creating this issue as I received a security alert, but it cannot auto-generate a PR. I've copied the details below.
1 minimist vulnerability found in yarn.lock
Remediation
Upgrade minimist to version 1.2.2 or later. For example:
minimist@^1.2.2:
version "1.2.2"
Always verify the validity and compatibility of suggestions with your codebase.
Details
GHSA-7fhm-mqm4-2wp7
moderate severity
Vulnerable versions: < 1.2.2
Patched version: 1.2.2
There are high severity security vulnerabilities in two of ESLints dependencies:
The releases 1.8.3 and lower of svjsl (JSLib-npm) are vulnerable, but only if installed in a developer environment. A patch has been released (v1.8.4) which fixes these vulnerabilities.
Identifiers:
CVE-2020-7598
SNYK-JS-ACORN-559469 (does not have a CVE identifier)
Don't repeat ourselves with Services show details.
Will be solely a .demo
test drive. This will be a component that can be added to related Show pages, such as Location, Account, and Device. *For this task data will be null
src/components/Services/ServiceSummary.demo.tsx
test/account-show-test.demo.ts
to account for new display fieldshttps://github.com/resideo/zeus/runs/710458651?check_suite_focus=true
Running json_locator for: gateways/production/mirage/resolvers
122
Running json_locator for: gateways/production/mirage
123
Running json_locator for: gateways/production/miragegateways/production
124
Skipping gateways/production/miragegateways/production because the directory does not exist.
It looks like json_locator
might be receiving a weirdly concatenated string?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.