Befator-Inc-Firmen-Netzwerk/msys2-autobuild
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 10 Wiki Activity

Don't pass CI related env vars to build scripts

Browse Source 
Fixes #30
This commit is contained in:
Christoph Reiter 2021-06-25 10:36:02 +02:00
parent 3c86ba12f9
commit 9e3bd5306d
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
autobuild.py
View File

@ -203,7 +203,7 @@ def shlex_join(split_command: List[str]) -> str:
def run_cmd(msys2_root: _PathLike, args, **kwargs): def run_cmd(msys2_root: _PathLike, args, **kwargs):
executable = os.path.join(msys2_root, 'usr', 'bin', 'bash.exe') executable = os.path.join(msys2_root, 'usr', 'bin', 'bash.exe')
env = kwargs.pop("env", os.environ.copy()) env = clean_environ(kwargs.pop("env", os.environ.copy()))
env["CHERE_INVOKING"] = "1" env["CHERE_INVOKING"] = "1"
env["MSYSTEM"] = "MSYS" env["MSYSTEM"] = "MSYS"
env["MSYS2_PATH_TYPE"] = "minimal" env["MSYS2_PATH_TYPE"] = "minimal"
@ -1276,6 +1276,20 @@ def wait_for_api_limit_reset(
time.sleep(wait) time.sleep(wait)
def clean_environ(environ: Dict[str, str]) -> Dict[str, str]:
"""Returns an environment without any CI related variables.
This is to avoid leaking secrets to package build scripts we call.
While in theory we turst them this can't hurt.
"""
new_env = environ.copy()
for key in list(new_env):
if key.startswith(("GITHUB_", "RUNNER_")):
del new_env[key]
return new_env
def main(argv: List[str]): def main(argv: List[str]):
parser = argparse.ArgumentParser(description="Build packages", allow_abbrev=False) parser = argparse.ArgumentParser(description="Build packages", allow_abbrev=False)
parser.set_defaults(func=lambda *x: parser.print_help()) parser.set_defaults(func=lambda *x: parser.print_help())