Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit fa4f89b

Browse filesBrowse files
committed
Fix publish-without-sfw: move shim dir on disk instead of PATH env override
GITHUB_PATH entries always take precedence over GITHUB_ENV PATH overrides (actions/toolkit#655), so the previous approach of writing a cleaned PATH to GITHUB_ENV was ineffective — the shim directory was always re-prepended. Instead, rename the shim directory to .disabled to remove shims from PATH resolution, and restore it afterward.
1 parent 976cb5d commit fa4f89b
Copy full SHA for fa4f89b

1 file changed

+6-8Lines changed: 6 additions & 8 deletions

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎.github/workflows/provenance.yml‎

Copy file name to clipboardExpand all lines: .github/workflows/provenance.yml
+6-8Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -190,12 +190,10 @@ jobs:
190190

191191
- name: Strip sfw shims for publishing
192192
if: inputs.publish-without-sfw == true
193-
run: | # zizmor: ignore[github-env]
193+
run: |
194194
echo "Bypassing Socket firewall shims for publishing"
195-
echo "SFW_ORIGINAL_PATH=$PATH" >> "${GITHUB_ENV:-/dev/null}"
196-
if [ -n "$SFW_SHIM_DIR" ]; then
197-
CLEAN_PATH="$(echo "$PATH" | tr ':' '\n' | grep -vxF "$SFW_SHIM_DIR" | paste -sd: -)"
198-
echo "PATH=$CLEAN_PATH" >> "${GITHUB_ENV:-/dev/null}"
195+
if [ -n "$SFW_SHIM_DIR" ] && [ -d "$SFW_SHIM_DIR" ]; then
196+
mv "$SFW_SHIM_DIR" "${SFW_SHIM_DIR}.disabled"
199197
fi
200198
201199
- run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist
@@ -225,7 +223,7 @@ jobs:
225223
SOCKET_CLI_DEBUG: ${{ inputs.debug }}
226224
- name: Restore sfw shims after publishing
227225
if: inputs.publish-without-sfw == true && always()
228-
run: | # zizmor: ignore[github-env]
229-
if [ -n "$SFW_ORIGINAL_PATH" ]; then
230-
echo "PATH=$SFW_ORIGINAL_PATH" >> "${GITHUB_ENV:-/dev/null}"
226+
run: |
227+
if [ -n "$SFW_SHIM_DIR" ] && [ -d "${SFW_SHIM_DIR}.disabled" ]; then
228+
mv "${SFW_SHIM_DIR}.disabled" "$SFW_SHIM_DIR"
231229
fi

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.