diff --git a/pkg/runner/action.go b/pkg/runner/action.go index 9b14f1a4c4d..3809359405b 100644 --- a/pkg/runner/action.go +++ b/pkg/runner/action.go @@ -625,6 +625,7 @@ func runPostStep(step actionStep) common.Executor { case model.ActionRunsUsingNode12, model.ActionRunsUsingNode16, model.ActionRunsUsingNode20: populateEnvsFromSavedState(step.getEnv(), step, rc) + populateEnvsFromInput(ctx, step.getEnv(), step.getActionModel(), rc) containerArgs := []string{"node", path.Join(containerActionDir, action.Runs.Post)} logger.Debugf("executing remote job container: %s", containerArgs) diff --git a/pkg/runner/runner_test.go b/pkg/runner/runner_test.go index 4dc01e15d0e..dcd03db9813 100644 --- a/pkg/runner/runner_test.go +++ b/pkg/runner/runner_test.go @@ -242,6 +242,8 @@ func TestRunEvent(t *testing.T) { // Uses {workdir, "uses-composite", "push", "", platforms, secrets}, {workdir, "uses-composite-with-error", "push", "Job 'failing-composite-action' failed", platforms, secrets}, + {workdir, "uses-composite-check-for-input-collision", "push", "", platforms, secrets}, + {workdir, "uses-composite-check-for-input-shadowing", "push", "", platforms, secrets}, {workdir, "uses-nested-composite", "push", "", platforms, secrets}, {workdir, "remote-action-composite-js-pre-with-defaults", "push", "", platforms, secrets}, {workdir, "remote-action-composite-action-ref", "push", "", platforms, secrets}, diff --git a/pkg/runner/step.go b/pkg/runner/step.go index c67b5b049d5..e1bcf9ecfdc 100644 --- a/pkg/runner/step.go +++ b/pkg/runner/step.go @@ -239,6 +239,16 @@ func mergeEnv(ctx context.Context, step step) { } rc.withGithubEnv(ctx, step.getGithubContext(ctx), *env) + + if step.getStepModel().Uses != "" { + // prevent uses action input pollution of unset parameters, skip this for run steps + // due to design flaw + for key := range *env { + if strings.Contains(key, "INPUT_") { + delete(*env, key) + } + } + } } func isStepEnabled(ctx context.Context, expr string, step step, stage stepStage) (bool, error) { diff --git a/pkg/runner/step_test.go b/pkg/runner/step_test.go index 5af5acf5ff7..6752d72702f 100644 --- a/pkg/runner/step_test.go +++ b/pkg/runner/step_test.go @@ -139,6 +139,7 @@ func TestSetupEnv(t *testing.T) { JobContainer: cm, } step := &model.Step{ + Uses: "./", With: map[string]string{ "STEP_WITH": "with-value", }, diff --git a/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/action.yml b/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/action.yml new file mode 100644 index 00000000000..1e9a8122f64 --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/action.yml @@ -0,0 +1,16 @@ +name: "Action with pre and post" +description: "Action with pre and post" + +inputs: + step: + description: "step" + required: true + cache: + required: false + default: false + +runs: + using: "node16" + pre: pre.js + main: main.js + post: post.js diff --git a/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/main.js b/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/main.js new file mode 100644 index 00000000000..5a58515a725 --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/main.js @@ -0,0 +1,14 @@ +const { appendFileSync } = require('fs'); +const step = process.env['INPUT_STEP']; +appendFileSync(process.env['GITHUB_ENV'], `TEST=${step}`, { encoding:'utf-8' }) + +var cache = process.env['INPUT_CACHE'] +try { + var cache = JSON.parse(cache) +} catch { + +} +if(typeof cache !== 'boolean') { + console.log("Input Polluted boolean true/false expected, got " + cache) + process.exit(1); +} \ No newline at end of file diff --git a/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/post.js b/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/post.js new file mode 100644 index 00000000000..2f06cfe8ac7 --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/post.js @@ -0,0 +1,14 @@ +const { appendFileSync } = require('fs'); +const step = process.env['INPUT_STEP']; +appendFileSync(process.env['GITHUB_ENV'], `TEST=${step}-post`, { encoding:'utf-8' }) + +var cache = process.env['INPUT_CACHE'] +try { + var cache = JSON.parse(cache) +} catch { + +} +if(typeof cache !== 'boolean') { + console.log("Input Polluted boolean true/false expected, got " + cache) + process.exit(1); +} \ No newline at end of file diff --git a/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/pre.js b/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/pre.js new file mode 100644 index 00000000000..5d5451401bf --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-collision/action-with-pre-and-post/pre.js @@ -0,0 +1,12 @@ +console.log('pre'); + +var cache = process.env['INPUT_CACHE'] +try { + var cache = JSON.parse(cache) +} catch { + +} +if(typeof cache !== 'boolean') { + console.log("Input Polluted boolean true/false expected, got " + cache) + process.exit(1); +} \ No newline at end of file diff --git a/pkg/runner/testdata/uses-composite-check-for-input-collision/composite_action/action.yml b/pkg/runner/testdata/uses-composite-check-for-input-collision/composite_action/action.yml new file mode 100644 index 00000000000..d9683b77c5a --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-collision/composite_action/action.yml @@ -0,0 +1,16 @@ +name: "Test Composite Action" +description: "Test action uses composite" + +inputs: + cache: + default: none + +runs: + using: "composite" + steps: + - uses: ./uses-composite-check-for-input-collision/action-with-pre-and-post + with: + step: step1 + - uses: ./uses-composite-check-for-input-collision/action-with-pre-and-post + with: + step: step2 diff --git a/pkg/runner/testdata/uses-composite-check-for-input-collision/push.yml b/pkg/runner/testdata/uses-composite-check-for-input-collision/push.yml new file mode 100644 index 00000000000..58510bb0f68 --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-collision/push.yml @@ -0,0 +1,10 @@ +name: uses-composite-with-pre-and-post-steps +on: push + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: echo -n "STEP_OUTPUT_TEST=empty" >> $GITHUB_ENV + - uses: ./uses-composite-check-for-input-collision/composite_action diff --git a/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/action.yml b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/action.yml new file mode 100644 index 00000000000..1e9a8122f64 --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/action.yml @@ -0,0 +1,16 @@ +name: "Action with pre and post" +description: "Action with pre and post" + +inputs: + step: + description: "step" + required: true + cache: + required: false + default: false + +runs: + using: "node16" + pre: pre.js + main: main.js + post: post.js diff --git a/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/main.js b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/main.js new file mode 100644 index 00000000000..5a58515a725 --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/main.js @@ -0,0 +1,14 @@ +const { appendFileSync } = require('fs'); +const step = process.env['INPUT_STEP']; +appendFileSync(process.env['GITHUB_ENV'], `TEST=${step}`, { encoding:'utf-8' }) + +var cache = process.env['INPUT_CACHE'] +try { + var cache = JSON.parse(cache) +} catch { + +} +if(typeof cache !== 'boolean') { + console.log("Input Polluted boolean true/false expected, got " + cache) + process.exit(1); +} \ No newline at end of file diff --git a/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/post.js b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/post.js new file mode 100644 index 00000000000..2f06cfe8ac7 --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/post.js @@ -0,0 +1,14 @@ +const { appendFileSync } = require('fs'); +const step = process.env['INPUT_STEP']; +appendFileSync(process.env['GITHUB_ENV'], `TEST=${step}-post`, { encoding:'utf-8' }) + +var cache = process.env['INPUT_CACHE'] +try { + var cache = JSON.parse(cache) +} catch { + +} +if(typeof cache !== 'boolean') { + console.log("Input Polluted boolean true/false expected, got " + cache) + process.exit(1); +} \ No newline at end of file diff --git a/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/pre.js b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/pre.js new file mode 100644 index 00000000000..5d5451401bf --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/action-with-pre-and-post/pre.js @@ -0,0 +1,12 @@ +console.log('pre'); + +var cache = process.env['INPUT_CACHE'] +try { + var cache = JSON.parse(cache) +} catch { + +} +if(typeof cache !== 'boolean') { + console.log("Input Polluted boolean true/false expected, got " + cache) + process.exit(1); +} \ No newline at end of file diff --git a/pkg/runner/testdata/uses-composite-check-for-input-shadowing/composite_action/action.yml b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/composite_action/action.yml new file mode 100644 index 00000000000..2cb5b4e9501 --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/composite_action/action.yml @@ -0,0 +1,18 @@ +name: "Test Composite Action" +description: "Test action uses composite" + +inputs: + cache: + default: true + +runs: + using: "composite" + steps: + - uses: ./uses-composite-check-for-input-shadowing/action-with-pre-and-post + with: + step: step1 + cache: ${{ inputs.cache || 'none' }} + - uses: ./uses-composite-check-for-input-shadowing/action-with-pre-and-post + with: + step: step2 + cache: ${{ inputs.cache || 'none' }} diff --git a/pkg/runner/testdata/uses-composite-check-for-input-shadowing/push.yml b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/push.yml new file mode 100644 index 00000000000..3fb6324288c --- /dev/null +++ b/pkg/runner/testdata/uses-composite-check-for-input-shadowing/push.yml @@ -0,0 +1,12 @@ +name: uses-composite-with-pre-and-post-steps +on: push + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: echo -n "STEP_OUTPUT_TEST=empty" >> $GITHUB_ENV + - uses: ./uses-composite-check-for-input-shadowing/composite_action + # with: + # cache: other