From 4da57bd76ca18ef07694e43ddbf01ec185650465 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastiaan?= Date: Tue, 7 Jan 2025 20:34:37 +0100 Subject: [PATCH 1/8] fix: permissions of validate pipelines (#1316) * Fix permission in validate-filenames pipeline * Run Github Actions for script validation on pull_request_target with right permissions --- .github/workflows/validate-filenames.yml | 17 +++++++++++++++-- .github/workflows/validate-formatting.yaml | 17 ++++++++++++++--- .github/workflows/validate-scripts.yml | 17 ++++++++++++++--- 3 files changed, 43 insertions(+), 8 deletions(-) diff --git a/.github/workflows/validate-filenames.yml b/.github/workflows/validate-filenames.yml index 704715f50..d4dffd8ec 100644 --- a/.github/workflows/validate-filenames.yml +++ b/.github/workflows/validate-filenames.yml @@ -1,23 +1,36 @@ name: Validate filenames on: - pull_request: + pull_request_target: paths: - "ct/*.sh" - "install/*.sh" - "json/*.json" - - ".github/workflows/validate-filenames.yml" jobs: check-files: name: Check changed files runs-on: ubuntu-latest + permissions: + pull-requests: write steps: + - name: Get pull request information + uses: actions/github-script@v7 + id: pr + with: + script: | + const { data: pullRequest } = await github.rest.pulls.get({ + ...context.repo, + pull_number: context.payload.pull_request.number, + }); + return pullRequest; + - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 # Ensure the full history is fetched for accurate diffing + ref: ${{ fromJSON(steps.pr.outputs.result).merge_commit_sha }} - name: Get changed files id: changed-files diff --git a/.github/workflows/validate-formatting.yaml b/.github/workflows/validate-formatting.yaml index 760ab2771..cde44d6a3 100644 --- a/.github/workflows/validate-formatting.yaml +++ b/.github/workflows/validate-formatting.yaml @@ -4,11 +4,10 @@ on: push: branches: - main - pull_request: + pull_request_target: paths: - "**/*.sh" - "**/*.func" - - ".github/workflows/validate-formatting.yaml" jobs: shfmt: @@ -18,10 +17,22 @@ jobs: pull-requests: write steps: + - name: Get pull request information + uses: actions/github-script@v7 + id: pr + with: + script: | + const { data: pullRequest } = await github.rest.pulls.get({ + ...context.repo, + pull_number: context.payload.pull_request.number, + }); + return pullRequest; + - name: Checkout code uses: actions/checkout@v4 with: - fetch-depth: 0 + fetch-depth: 0 # Ensure the full history is fetched for accurate diffing + ref: ${{ fromJSON(steps.pr.outputs.result).merge_commit_sha }} - name: Get changed files id: changed-files diff --git a/.github/workflows/validate-scripts.yml b/.github/workflows/validate-scripts.yml index 75e32e130..e7ee667d3 100644 --- a/.github/workflows/validate-scripts.yml +++ b/.github/workflows/validate-scripts.yml @@ -3,11 +3,10 @@ on: push: branches: - main - pull_request: + pull_request_target: paths: - "ct/*.sh" - "install/*.sh" - - ".github/workflows/validate-scripts.yml" jobs: check-scripts: @@ -17,10 +16,22 @@ jobs: pull-requests: write steps: + - name: Get pull request information + uses: actions/github-script@v7 + id: pr + with: + script: | + const { data: pullRequest } = await github.rest.pulls.get({ + ...context.repo, + pull_number: context.payload.pull_request.number, + }); + return pullRequest; + - name: Checkout code uses: actions/checkout@v4 with: - fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }} + fetch-depth: 0 # Ensure the full history is fetched for accurate diffing + ref: ${{fromJSON(steps.pr.outputs.result).merge_commit_sha}} - name: Set execute permission for .sh files run: | From 670d64ec43577f6f97e4e51ad2126ec094a43cc8 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 08:13:40 +0100 Subject: [PATCH 2/8] Update CHANGELOG.md (#1320) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 198bf6355..d89bbff74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ Do not break established syntax in this file, as it is automatically updated by ### 🧰 Maintenance +- fix: permissions of validate pipelines [@se-bastiaan](https://github.com/se-bastiaan) ([#1316](https://github.com/community-scripts/ProxmoxVE/pull/1316)) - Set Execution Rights for GH-Action: Validate Scripts [@MickLesk](https://github.com/MickLesk) ([#1312](https://github.com/community-scripts/ProxmoxVE/pull/1312)) ## 2025-01-06 From 5fc783da67c764c960bd5846dcb005e96c2ad536 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reinaldo=20D=C3=ADaz=20Lugo?= Date: Wed, 8 Jan 2025 08:14:15 +0100 Subject: [PATCH 3/8] update postgresql json to add post install password setup (#1318) --- json/postgresql.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/json/postgresql.json b/json/postgresql.json index c60465c71..6fe236d14 100644 --- a/json/postgresql.json +++ b/json/postgresql.json @@ -30,5 +30,10 @@ "username": null, "password": null }, - "notes": [] + "notes": [ + { + "text": "Set a password after installation for postgres user by running `echo \"ALTER USER postgres with encrypted password 'your_password';\" | sudo -u postgres psql`", + "type": "info" + } + ] } \ No newline at end of file From 9330e9a6401cdee6ecd9849fccf39772010c52bf Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 13:36:05 +0100 Subject: [PATCH 4/8] Update CHANGELOG.md (#1324) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d89bbff74..ab782eca2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,14 @@ All LXC instances created using this repository come pre-installed with Midnight > [!IMPORTANT] Do not break established syntax in this file, as it is automatically updated by a Github Workflow +## 2025-01-08 + +### Changed + +### 🌐 Website + +- update postgresql json to add post install password setup [@rdiazlugo](https://github.com/rdiazlugo) ([#1318](https://github.com/community-scripts/ProxmoxVE/pull/1318)) + ## 2025-01-07 ### Changed From ff712bc36e5b1ff0080876b3d379a96e635f8dbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastiaan?= Date: Wed, 8 Jan 2025 16:33:09 +0100 Subject: [PATCH 5/8] fix: correctly handle pull_request_target event (#1327) * Fix workflow on pull_request_target * fix fromJSON --- .github/workflows/validate-filenames.yml | 9 +++++---- .github/workflows/validate-formatting.yaml | 5 +++-- .github/workflows/validate-scripts.yml | 9 +++++---- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/validate-filenames.yml b/.github/workflows/validate-filenames.yml index d4dffd8ec..909c669de 100644 --- a/.github/workflows/validate-filenames.yml +++ b/.github/workflows/validate-filenames.yml @@ -16,6 +16,7 @@ jobs: steps: - name: Get pull request information + if: github.event_name == 'pull_request_target' uses: actions/github-script@v7 id: pr with: @@ -30,13 +31,13 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 # Ensure the full history is fetched for accurate diffing - ref: ${{ fromJSON(steps.pr.outputs.result).merge_commit_sha }} + ref: ${{ github.event_name == 'pull_request_target' && fromJSON(steps.pr.outputs.result).merge_commit_sha || '' }} - name: Get changed files id: changed-files run: | - if ${{ github.event_name == 'pull_request' }}; then - echo "files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | xargs)" >> $GITHUB_OUTPUT + if ${{ github.event_name == 'pull_request_target' }}; then + echo "files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ steps.pr.outputs.result && fromJSON(steps.pr.outputs.result).merge_commit_sha }} | xargs)" >> $GITHUB_OUTPUT else echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | xargs)" >> $GITHUB_OUTPUT fi @@ -88,7 +89,7 @@ jobs: fi - name: Post results and comment - if: always() && steps.check-scripts.outputs.files != '' && steps.check-json.outputs.files != '' && github.event_name == 'pull_request' + if: always() && steps.check-scripts.outputs.files != '' && steps.check-json.outputs.files != '' && github.event_name == 'pull_request_target' uses: actions/github-script@v7 with: script: | diff --git a/.github/workflows/validate-formatting.yaml b/.github/workflows/validate-formatting.yaml index cde44d6a3..c0b6ef3be 100644 --- a/.github/workflows/validate-formatting.yaml +++ b/.github/workflows/validate-formatting.yaml @@ -18,6 +18,7 @@ jobs: steps: - name: Get pull request information + if: github.event_name == 'pull_request_target' uses: actions/github-script@v7 id: pr with: @@ -32,13 +33,13 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 # Ensure the full history is fetched for accurate diffing - ref: ${{ fromJSON(steps.pr.outputs.result).merge_commit_sha }} + ref: ${{ github.event_name == 'pull_request_target' && fromJSON(steps.pr.outputs.result).merge_commit_sha || '' }} - name: Get changed files id: changed-files run: | if ${{ github.event_name == 'pull_request' }}; then - echo "files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT + echo "files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ steps.pr.outputs.result && fromJSON(steps.pr.outputs.result).merge_commit_sha }} | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT else echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT fi diff --git a/.github/workflows/validate-scripts.yml b/.github/workflows/validate-scripts.yml index e7ee667d3..0df07a74c 100644 --- a/.github/workflows/validate-scripts.yml +++ b/.github/workflows/validate-scripts.yml @@ -17,6 +17,7 @@ jobs: steps: - name: Get pull request information + if: github.event_name == 'pull_request_target' uses: actions/github-script@v7 id: pr with: @@ -31,7 +32,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 # Ensure the full history is fetched for accurate diffing - ref: ${{fromJSON(steps.pr.outputs.result).merge_commit_sha}} + ref: ${{ github.event_name == 'pull_request_target' && fromJSON(steps.pr.outputs.result).merge_commit_sha || '' }} - name: Set execute permission for .sh files run: | @@ -40,8 +41,8 @@ jobs: - name: Get changed files id: changed-files run: | - if ${{ github.event_name == 'pull_request' }}; then - echo "files=$(git diff --name-only -r HEAD^1 HEAD | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT + if ${{ github.event_name == 'pull_request_target' }}; then + echo "files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ steps.pr.outputs.result && fromJSON(steps.pr.outputs.result).merge_commit_sha }} | xargs)" >> $GITHUB_OUTPUT else echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT fi @@ -167,7 +168,7 @@ jobs: fi - name: Post results and comment - if: always() && steps.changed-files.outputs.files != '' && github.event_name == 'pull_request' + if: always() && steps.changed-files.outputs.files != '' && github.event_name == 'pull_request_target' uses: actions/github-script@v7 with: script: | From e1daaa6409d257314b29833bef1206da2f45aded Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 16:33:40 +0100 Subject: [PATCH 6/8] Update CHANGELOG.md (#1328) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ab782eca2..23c169430 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,10 @@ Do not break established syntax in this file, as it is automatically updated by - update postgresql json to add post install password setup [@rdiazlugo](https://github.com/rdiazlugo) ([#1318](https://github.com/community-scripts/ProxmoxVE/pull/1318)) +### 🧰 Maintenance + +- fix: correctly handle pull_request_target event [@se-bastiaan](https://github.com/se-bastiaan) ([#1327](https://github.com/community-scripts/ProxmoxVE/pull/1327)) + ## 2025-01-07 ### Changed From 0059adecf1b2cce827e652aedefbc53679a3e672 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastiaan?= Date: Wed, 8 Jan 2025 21:41:58 +0100 Subject: [PATCH 7/8] fix(ci): formatting event & chmod +x (#1335) --- .github/workflows/validate-formatting.yaml | 4 ++-- .github/workflows/validate-scripts.yml | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/validate-formatting.yaml b/.github/workflows/validate-formatting.yaml index c0b6ef3be..220563976 100644 --- a/.github/workflows/validate-formatting.yaml +++ b/.github/workflows/validate-formatting.yaml @@ -38,7 +38,7 @@ jobs: - name: Get changed files id: changed-files run: | - if ${{ github.event_name == 'pull_request' }}; then + if ${{ github.event_name == 'pull_request_target' }}; then echo "files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ steps.pr.outputs.result && fromJSON(steps.pr.outputs.result).merge_commit_sha }} | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT else echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT @@ -70,7 +70,7 @@ jobs: fi - name: Post comment with results - if: always() && steps.changed-files.outputs.files != '' && github.event_name == 'pull_request' + if: always() && steps.changed-files.outputs.files != '' && github.event_name == 'pull_request_target' uses: actions/github-script@v7 with: script: | diff --git a/.github/workflows/validate-scripts.yml b/.github/workflows/validate-scripts.yml index 0df07a74c..c58a5e593 100644 --- a/.github/workflows/validate-scripts.yml +++ b/.github/workflows/validate-scripts.yml @@ -33,10 +33,6 @@ jobs: with: fetch-depth: 0 # Ensure the full history is fetched for accurate diffing ref: ${{ github.event_name == 'pull_request_target' && fromJSON(steps.pr.outputs.result).merge_commit_sha || '' }} - - - name: Set execute permission for .sh files - run: | - chmod +x ct/*.sh - name: Get changed files id: changed-files From f428146c47e9121b556f8fa335895b9bb0aac29a Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 23:05:14 +0100 Subject: [PATCH 8/8] Update CHANGELOG.md (#1336) --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23c169430..94a28fe1e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ Do not break established syntax in this file, as it is automatically updated by ### 🧰 Maintenance +- fix(ci): formatting event & chmod +x [@se-bastiaan](https://github.com/se-bastiaan) ([#1335](https://github.com/community-scripts/ProxmoxVE/pull/1335)) - fix: correctly handle pull_request_target event [@se-bastiaan](https://github.com/se-bastiaan) ([#1327](https://github.com/community-scripts/ProxmoxVE/pull/1327)) ## 2025-01-07