MokoConsulting/MokoCassiopeia
1
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 1 Activity

Update version_branch.yml

Browse Source
This commit is contained in:
Jonathan Miller
2025-12-23 17:15:21 -06:00
parent 17c3e67621
commit 2fc8eedd6e
1 changed files with 29 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
.github/workflows/version_branch.yml vendored
View File

@@ -182,38 +182,40 @@ jobs:
moko_init "Sanity check workflow file" moko_init "Sanity check workflow file"
python3 - <<'PY' python3 - <<'PY'
from pathlib import Path from pathlib import Path
target = Path('.github/workflows/version_branch.yml') target = Path('.github/workflows/version_branch.yml')
if not target.exists(): if not target.exists():
raise SystemExit('[FATAL] Missing workflow file: .github/workflows/version_branch.yml') raise SystemExit('[FATAL] Missing workflow file: .github/workflows/version_branch.yml')
data = target.read_bytes() data = target.read_bytes()
# Disallow literal tab (0x09) and other ASCII control characters except LF (0x0A) and CR (0x0D). # Disallow literal tab (0x09) and other ASCII control characters except LF (0x0A) and CR (0x0D).
# Report line numbers without printing the raw characters. # Report line numbers without printing the raw characters.
def byte_to_line(blob: bytes, idx: int) -> int:
return blob[:idx].count(b'\n') + 1
bad = [] def byte_to_line(blob: bytes, idx: int) -> int:
for i, b in enumerate(data): return blob[:idx].count(b'
if b == 0x09: ') + 1
bad.append(('TAB', i, b))
elif b < 0x20 and b not in (0x0A, 0x0D):
bad.append(('CTRL', i, b))
if bad: bad = []
print('[ERROR] Disallowed characters detected in workflow file:') for i, b in enumerate(data):
for kind, off, val in bad[:200]: if b == 0x09:
line_no = byte_to_line(data, off) bad.append(('TAB', i, b))
if kind == 'TAB': elif b < 0x20 and b not in (0x0A, 0x0D):
print(f' line {line_no}: TAB_PRESENT') bad.append(('CTRL', i, b))
else:
print(f' line {line_no}: CTRL_0x{val:02X}_PRESENT')
raise SystemExit(2)
print('[INFO] Sanity check passed') if bad:
PY print('[ERROR] Disallowed characters detected in workflow file:')
for kind, off, val in bad[:200]:
line_no = byte_to_line(data, off)
if kind == 'TAB':
print(f' line {line_no}: TAB_PRESENT')
else:
print(f' line {line_no}: CTRL_0x{val:02X}_PRESENT')
raise SystemExit(2)
print('[INFO] Sanity check passed')
PY
- name: Enterprise policy gate - name: Enterprise policy gate
run: | run: |
@@ -343,7 +345,7 @@ root = Path(".").resolve()
# Use escape sequences only. Do not introduce literal tab characters. # Use escape sequences only. Do not introduce literal tab characters.
header_re = re.compile(r"(?im)(VERSION[ \t]*:[ \t]*)([0-9]{2}[.][0-9]{2}[.][0-9]{2})") header_re = re.compile(r"(?im)(VERSION[ \t]*:[ \t]*)([0-9]{2}[.][0-9]{2}[.][0-9]{2})")
manifest_marker_re = re.compile(r"(?is)<extension\b\b") # word boundary guard manifest_marker_re = re.compile(r"(?is)<extension\b")
xml_version_re = re.compile(r"(?is)(<version[ \t]*>)([^<]*?)(</version[ \t]*>)") xml_version_re = re.compile(r"(?is)(<version[ \t]*>)([^<]*?)(</version[ \t]*>)")
xml_date_res = [ xml_date_res = [
re.compile(r"(?is)(<creationDate[ \t]*>)([^<]*?)(</creationDate[ \t]*>)"), re.compile(r"(?is)(<creationDate[ \t]*>)([^<]*?)(</creationDate[ \t]*>)"),