Alex-Devera/v2rayN
1
0
Fork 0
mirror of https://github.com/2dust/v2rayN.git synced 2026-04-16 12:35:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

fix: pin 7 unpinned action(s),extract 10 unsafe expression(s) to env vars

Browse source 
Automated security fixes applied by Runner Guard (https://github.com/Vigilant-LLC/runner-guard).

Changes:
 .github/workflows/build-all.yml             | 30 ++++++++++++++++++++---------
 .github/workflows/build-linux.yml           |  6 +++---
 .github/workflows/build-osx.yml             | 10 ++++++----
 .github/workflows/build-windows-desktop.yml |  2 +-
 .github/workflows/build-windows.yml         |  2 +-
 .github/workflows/winget-publish.yml        |  5 ++++-
 6 files changed, 36 insertions(+), 19 deletions(-)
This commit is contained in:
Chris Nyhuis 2026-03-26 04:28:49 -04:00
parent 005cb620ec
commit e83a7dd932
6 changed files with 36 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
.github/workflows/build-all.yml vendored
View file

@ -17,53 +17,65 @@ jobs:
run: | run: |
curl -X POST \ curl -X POST \
-H "Accept: application/vnd.github.v3+json" \ -H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Authorization: token ${GITHUB_TOKEN}" \
https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-windows.yml/dispatches \ https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-windows.yml/dispatches \
-d "{ -d "{
\"ref\": \"master\", \"ref\": \"master\",
\"inputs\": { \"inputs\": {
\"release_tag\": \"${{ github.event.inputs.release_tag }}\" \"release_tag\": \"${INPUT_RELEASE_TAG}\"
} }
}" }"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
INPUT_RELEASE_TAG: ${{ github.event.inputs.release_tag }}
- name: Trigger build linux - name: Trigger build linux
if: github.event.inputs.release_tag != '' if: github.event.inputs.release_tag != ''
run: | run: |
curl -X POST \ curl -X POST \
-H "Accept: application/vnd.github.v3+json" \ -H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Authorization: token ${GITHUB_TOKEN}" \
https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-linux.yml/dispatches \ https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-linux.yml/dispatches \
-d "{ -d "{
\"ref\": \"master\", \"ref\": \"master\",
\"inputs\": { \"inputs\": {
\"release_tag\": \"${{ github.event.inputs.release_tag }}\" \"release_tag\": \"${INPUT_RELEASE_TAG}\"
} }
}" }"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
INPUT_RELEASE_TAG: ${{ github.event.inputs.release_tag }}
- name: Trigger build osx - name: Trigger build osx
if: github.event.inputs.release_tag != '' if: github.event.inputs.release_tag != ''
run: | run: |
curl -X POST \ curl -X POST \
-H "Accept: application/vnd.github.v3+json" \ -H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Authorization: token ${GITHUB_TOKEN}" \
https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-osx.yml/dispatches \ https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-osx.yml/dispatches \
-d "{ -d "{
\"ref\": \"master\", \"ref\": \"master\",
\"inputs\": { \"inputs\": {
\"release_tag\": \"${{ github.event.inputs.release_tag }}\" \"release_tag\": \"${INPUT_RELEASE_TAG}\"
} }
}" }"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
INPUT_RELEASE_TAG: ${{ github.event.inputs.release_tag }}
- name: Trigger build windows desktop - name: Trigger build windows desktop
if: github.event.inputs.release_tag != '' if: github.event.inputs.release_tag != ''
run: | run: |
curl -X POST \ curl -X POST \
-H "Accept: application/vnd.github.v3+json" \ -H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Authorization: token ${GITHUB_TOKEN}" \
https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-windows-desktop.yml/dispatches \ https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-windows-desktop.yml/dispatches \
-d "{ -d "{
\"ref\": \"master\", \"ref\": \"master\",
\"inputs\": { \"inputs\": {
\"release_tag\": \"${{ github.event.inputs.release_tag }}\" \"release_tag\": \"${INPUT_RELEASE_TAG}\"
} }
}" }"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
INPUT_RELEASE_TAG: ${{ github.event.inputs.release_tag }}

6
.github/workflows/build-linux.yml vendored
View file

@ -62,7 +62,7 @@ jobs:
./package-release-zip.sh "$OutputArchArm" "$OutputPathArm64" ./package-release-zip.sh "$OutputArchArm" "$OutputPathArm64"
- name: Upload zip archive to release - name: Upload zip archive to release
uses: svenstaro/upload-release-action@v2 uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2
if: github.event.inputs.release_tag != '' if: github.event.inputs.release_tag != ''
with: with:
file: ${{ github.workspace }}/v2rayN*.zip file: ${{ github.workspace }}/v2rayN*.zip
@ -122,7 +122,7 @@ jobs:
path: dist/deb/**/*.deb path: dist/deb/**/*.deb
- name: Upload DEBs to release - name: Upload DEBs to release
uses: svenstaro/upload-release-action@v2 uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2
with: with:
file: dist/deb/**/*.deb file: dist/deb/**/*.deb
tag: ${{ env.RELEASE_TAG }} tag: ${{ env.RELEASE_TAG }}
@ -235,7 +235,7 @@ jobs:
path: dist/rpm/**/*.rpm path: dist/rpm/**/*.rpm
- name: Upload RPMs to release - name: Upload RPMs to release
uses: svenstaro/upload-release-action@v2 uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2
with: with:
file: dist/rpm/**/*.rpm file: dist/rpm/**/*.rpm
tag: ${{ env.RELEASE_TAG }} tag: ${{ env.RELEASE_TAG }}

10
.github/workflows/build-osx.yml vendored
View file

@ -57,11 +57,13 @@ jobs:
run: | run: |
brew install create-dmg brew install create-dmg
chmod 755 package-osx.sh chmod 755 package-osx.sh
./package-osx.sh $OutputArch $OutputPath64 ${{ github.event.inputs.release_tag }} ./package-osx.sh $OutputArch $OutputPath64 ${INPUT_RELEASE_TAG}
./package-osx.sh $OutputArchArm $OutputPathArm64 ${{ github.event.inputs.release_tag }} ./package-osx.sh $OutputArchArm $OutputPathArm64 ${INPUT_RELEASE_TAG}
env:
INPUT_RELEASE_TAG: ${{ github.event.inputs.release_tag }}
- name: Upload dmg to release - name: Upload dmg to release
uses: svenstaro/upload-release-action@v2 uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2
if: github.event.inputs.release_tag != '' if: github.event.inputs.release_tag != ''
with: with:
file: ${{ github.workspace }}/v2rayN*.dmg file: ${{ github.workspace }}/v2rayN*.dmg
@ -78,7 +80,7 @@ jobs:
./package-release-zip.sh $OutputArchArm $OutputPathArm64 ./package-release-zip.sh $OutputArchArm $OutputPathArm64
- name: Upload zip archive to release - name: Upload zip archive to release
uses: svenstaro/upload-release-action@v2 uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2
if: github.event.inputs.release_tag != '' if: github.event.inputs.release_tag != ''
with: with:
file: ${{ github.workspace }}/v2rayN*.zip file: ${{ github.workspace }}/v2rayN*.zip

2
.github/workflows/build-windows-desktop.yml vendored
View file

@ -62,7 +62,7 @@ jobs:
mv "v2rayN-${OutputArchArm}.zip" "v2rayN-${OutputArchArm}-desktop.zip" mv "v2rayN-${OutputArchArm}.zip" "v2rayN-${OutputArchArm}-desktop.zip"
- name: Upload zip archive to release - name: Upload zip archive to release
uses: svenstaro/upload-release-action@v2 uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2
if: github.event.inputs.release_tag != '' if: github.event.inputs.release_tag != ''
with: with:
file: ${{ github.workspace }}/v2rayN*.zip file: ${{ github.workspace }}/v2rayN*.zip

2
.github/workflows/build-windows.yml vendored
View file

@ -57,7 +57,7 @@ jobs:
./package-release-zip.sh $OutputArchArm $OutputPathArm64 ./package-release-zip.sh $OutputArchArm $OutputPathArm64
- name: Upload zip archive to release - name: Upload zip archive to release
uses: svenstaro/upload-release-action@v2 uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2
if: github.event.inputs.release_tag != '' if: github.event.inputs.release_tag != ''
with: with:
file: ${{ github.workspace }}/v2rayN*.zip file: ${{ github.workspace }}/v2rayN*.zip

5
.github/workflows/winget-publish.yml vendored
View file

@ -17,7 +17,7 @@ jobs:
run: | run: |
$wingetPackage = "2dust.v2rayN" $wingetPackage = "2dust.v2rayN"
$gitToken = "${{ secrets.PT_WINGET }}" $gitToken = "${PT_WINGET}"
$github = Invoke-RestMethod -uri "https://api.github.com/repos/2dust/v2rayN/releases" $github = Invoke-RestMethod -uri "https://api.github.com/repos/2dust/v2rayN/releases"
@ -37,3 +37,6 @@ jobs:
Write-Host "arm64 URL: $arm64InstallerUrl" Write-Host "arm64 URL: $arm64InstallerUrl"
.\wingetcreate.exe update $wingetPackage -s -v $ver -u "$x64InstallerUrl|x64" "$arm64InstallerUrl|arm64" -t $gitToken .\wingetcreate.exe update $wingetPackage -s -v $ver -u "$x64InstallerUrl|x64" "$arm64InstallerUrl|arm64" -t $gitToken
env:
PT_WINGET: ${{ secrets.PT_WINGET }}