1919 pull-requests : write
2020
2121 steps :
22- - name : Install dependencies
23- run : sudo apt-get install -y pcregrep
24-
2522 # This is a sensitive workflow because we have write permissions for pull-requests but we are
2623 # processing remote code that we can't trust. Be careful not to place any trust in the contents
2724 # of the pull request.
@@ -39,17 +36,34 @@ jobs:
3936 # Download just the diff so it is harder to accidentally run any code from the pull request.
4037 gh pr diff --repo "$GH_REPO" "$PR_NUMBER" | tee pr.diff
4138
42- # Note that pcregrep exits with success on any match, failure on no match or internal buffer overflow.
43- # To avoid errors on big diffs like compressed SVGs, increase the internal buffer size dramatically.
44- # This is pretty big and uses ~50MB of RAM but the machines can fit that just fine.
45- if pcregrep --buffer-size 16777216 -M "^--- /dev/null\n\+\+\+ b/extensions/" pr.diff; then
39+ # grep doesn't have good multiline support and installing pcregrep through apt is slow, so
40+ # make our own tiny regex checker tool.
41+ cat > matches <<EOF
42+ #!/usr/bin/env python3
43+ import sys
44+ import re
45+
46+ pattern = sys.argv[1]
47+ file = sys.argv[2]
48+
49+ with open(file, 'r') as f:
50+ contents = f.read()
51+
52+ if re.search(pattern, contents, re.MULTILINE):
53+ sys.exit(0)
54+ else:
55+ sys.exit(1)
56+ EOF
57+ chmod +x matches
58+
59+ if ./matches "^--- /dev/null\n\+\+\+ b/extensions/" pr.diff; then
4660 # Example:
4761 # --- /dev/null
4862 # +++ b/extensions/DangoCat/extension.js
4963 echo "Adding label: $LABEL_NEW_EXTENSION"
5064 gh pr edit --repo "$GH_REPO" "$PR_NUMBER" --add-label "$LABEL_NEW_EXTENSION"
5165 got_any_specific_label=true
52- elif pcregrep --buffer-size 16777216 "^\+\+\+ b/extensions/" pr.diff; then
66+ elif ./matches "^\+\+\+ b/extensions/" pr.diff; then
5367 # Example:
5468 # --- a/extensions/DangoCat/extension.js
5569 # +++ b/extensions/DangoCat/extension.js
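Review bot: In the generated `matches` script, `open(file, 'r')` decodes pr.diff with the runner's default text encoding, so a diff holding bytes that are invalid in that encoding makes `f.read()` raise, and Python's exit status 1 for the uncaught exception is the same status the script uses for "no match"; the `if ./matches` and `elif ./matches` branches would then both be skipped without any visible failure. Because pr.diff is untrusted pull-request content, I would read it tolerantly, `with open(file, 'r', encoding='utf-8', errors='replace') as f:`, so that exit 1 only ever means a real non-match. Separately, the heredoc delimiter is unquoted, so the shell would expand any `$` or backtick that is later added to the Python body; `cat > matches <<'EOF'` keeps the script literal. The `if`/`elif` chain and the surrounding `run` block start and end outside this hunk, so this covers only the lines shown.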