mirror of
https://github.com/ivuorinen/actions.git
synced 2026-01-26 11:34:00 +00:00
a1d55ac125
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
173 lines
5.7 KiB
YAML
173 lines
5.7 KiB
YAML
# yaml-language-server: $schema=https://json.schemastore.org/github-action.json
|
|
# permissions:
|
|
# - contents: write # Required for creating commits
|
|
# - pull-requests: write # Required for creating pull requests
|
|
---
|
|
#
|
|
# Compress images on demand (workflow_dispatch), and at 11pm every Sunday (schedule).
|
|
# Open a Pull Request if any images can be compressed.
|
|
name: Compress Images
|
|
description: Compress images on demand (workflow_dispatch), and at 11pm every Sunday (schedule).
|
|
author: Ismo Vuorinen
|
|
|
|
branding:
|
|
icon: image
|
|
color: blue
|
|
|
|
inputs:
|
|
token:
|
|
description: 'GitHub token for authentication'
|
|
required: false
|
|
default: ${{ github.token }}
|
|
username:
|
|
description: 'GitHub username for commits'
|
|
required: false
|
|
default: 'github-actions'
|
|
email:
|
|
description: 'GitHub email for commits'
|
|
required: false
|
|
default: 'github-actions@github.com'
|
|
working-directory:
|
|
description: 'Directory containing images to compress'
|
|
required: false
|
|
default: '.'
|
|
image-quality:
|
|
description: 'JPEG compression quality (0-100)'
|
|
required: false
|
|
default: '85'
|
|
png-quality:
|
|
description: 'PNG compression quality (0-100)'
|
|
required: false
|
|
default: '95'
|
|
ignore-paths:
|
|
description: 'Paths to ignore during compression (glob patterns)'
|
|
required: false
|
|
default: 'node_modules/**,dist/**,build/**'
|
|
|
|
outputs:
|
|
images_compressed:
|
|
description: 'Whether any images were compressed (boolean)'
|
|
value: ${{ steps.calibre.outputs.markdown != '' && 'true' || 'false' }}
|
|
compression_report:
|
|
description: 'Markdown report of compression results'
|
|
value: ${{ steps.calibre.outputs.markdown }}
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Validate Inputs
|
|
id: validate
|
|
shell: sh
|
|
env:
|
|
WORKING_DIRECTORY: ${{ inputs.working-directory }}
|
|
IMAGE_QUALITY: ${{ inputs.image-quality }}
|
|
PNG_QUALITY: ${{ inputs.png-quality }}
|
|
IGNORE_PATHS: ${{ inputs.ignore-paths }}
|
|
EMAIL: ${{ inputs.email }}
|
|
USERNAME: ${{ inputs.username }}
|
|
GITHUB_TOKEN: ${{ inputs.token }}
|
|
run: |
|
|
set -eu
|
|
|
|
# Validate working directory
|
|
if [ ! -d "$WORKING_DIRECTORY" ]; then
|
|
echo "::error::Invalid working-directory: '$WORKING_DIRECTORY'. Directory does not exist"
|
|
exit 1
|
|
fi
|
|
|
|
# Validate path security (prevent absolute paths and path traversal)
|
|
case "$WORKING_DIRECTORY" in
|
|
/*|~*|[A-Za-z]:*|*..*)
|
|
echo "::error::Invalid working-directory: '$WORKING_DIRECTORY'. Absolute paths and path traversal not allowed"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# Validate image quality (0-100) - must be numeric
|
|
case "$IMAGE_QUALITY" in
|
|
''|*[!0-9]*)
|
|
echo "::error::Invalid image-quality: '$IMAGE_QUALITY'. Must be a number between 0 and 100"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
if [ "$IMAGE_QUALITY" -lt 0 ] || [ "$IMAGE_QUALITY" -gt 100 ]; then
|
|
echo "::error::Invalid image-quality: '$IMAGE_QUALITY'. Must be between 0 and 100"
|
|
exit 1
|
|
fi
|
|
|
|
# Validate PNG quality (0-100) - must be numeric
|
|
case "$PNG_QUALITY" in
|
|
''|*[!0-9]*)
|
|
echo "::error::Invalid png-quality: '$PNG_QUALITY'. Must be a number between 0 and 100"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
if [ "$PNG_QUALITY" -lt 0 ] || [ "$PNG_QUALITY" -gt 100 ]; then
|
|
echo "::error::Invalid png-quality: '$PNG_QUALITY'. Must be between 0 and 100"
|
|
exit 1
|
|
fi
|
|
|
|
# Validate ignore paths format (prevent command injection and path traversal)
|
|
case "$IGNORE_PATHS" in
|
|
*\;*|*\&\&*|*\|*|*\`*|*\$\(*|*\$\{*|*\<*|*\>*|*..\*)
|
|
echo "::error::Invalid ignore-paths: '$IGNORE_PATHS'. Command injection patterns and path traversal not allowed"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# Validate email format (basic check)
|
|
case "$EMAIL" in
|
|
*@*.*) ;;
|
|
*)
|
|
echo "::error::Invalid email format: '$EMAIL'. Expected valid email address"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# Validate username format (prevent command injection)
|
|
case "$USERNAME" in
|
|
*\;*|*\&\&*|*\|*)
|
|
echo "::error::Invalid username: '$USERNAME'. Command injection patterns not allowed"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# Validate token format if provided (basic GitHub token pattern)
|
|
if [ -n "$GITHUB_TOKEN" ]; then
|
|
case "$GITHUB_TOKEN" in
|
|
gh[efpousr]_?????????????????????????????????????)
|
|
;;
|
|
*)
|
|
echo "::warning::GitHub token format may be invalid. Expected format: gh*_36characters"
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta
|
|
with:
|
|
token: ${{ inputs.token }}
|
|
|
|
- name: Compress Images
|
|
id: calibre
|
|
uses: calibreapp/image-actions@f32575787d333b0579f0b7d506ff03be63a669d1 # 1.4.1
|
|
with:
|
|
compressOnly: true
|
|
githubToken: ${{ inputs.token }}
|
|
jpegQuality: ${{ inputs.image-quality }}
|
|
pngQuality: ${{ inputs.png-quality }}
|
|
ignorePaths: ${{ inputs.ignore-paths }}
|
|
workingDirectory: ${{ inputs.working-directory }}
|
|
|
|
- name: Create New Pull Request If Needed
|
|
if: steps.calibre.outputs.markdown != ''
|
|
uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
|
|
with:
|
|
token: ${{ inputs.token }}
|
|
title: 'chore: compress images'
|
|
branch-suffix: timestamp
|
|
commit-message: 'chore: compress images'
|
|
body: ${{ steps.calibre.outputs.markdown }}
|