Merge pull request #201 from crazy-max/fix-sanitization

Do not sanitize before pattern matching
This commit is contained in:
CrazyMax 2022-05-05 11:33:19 +02:00 committed by GitHub
commit 26b9439ce3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 56 additions and 30 deletions

View file

@ -31,6 +31,7 @@ ___
* [`type=raw`](#typeraw)
* [`type=sha`](#typesha)
* [Notes](#notes)
* [Image name and tag sanitization](#image-name-and-tag-sanitization)
* [Latest tag](#latest-tag)
* [Global expressions](#global-expressions)
* [`{{branch}}`](#branch)
@ -508,13 +509,13 @@ Can create a regular expression for matching Git tag with a pattern and capturin
[push tag event](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#push) but, you can also use
a custom value through `value` attribute.
| Git tag | Pattern | Group | Output |
|-------------------------|-------------------------------|---------|------------------------|
| `v1.2.3` | `\d.\d.\d` | `0` | `1.2.3` |
| `v2.0.8-beta.67` | `v(.*)` | `1` | `2.0.8-beta.67` |
| `v2.0.8-beta.67` | `v(\d.\d)` | `1` | `2.0` |
| `20200110-RC2` | `\d+` | `0` | `20200110` |
| `p1/v1.2.3` | `p1-v(\d.\d.\d)` | `1` | `1.2.3` |
| Git tag | Pattern | Group | Output |
|-------------------------|------------------|---------|------------------------|
| `v1.2.3` | `\d.\d.\d` | `0` | `1.2.3` |
| `v2.0.8-beta.67` | `v(.*)` | `1` | `2.0.8-beta.67` |
| `v2.0.8-beta.67` | `v(\d.\d)` | `1` | `2.0` |
| `20200110-RC2` | `\d+` | `0` | `20200110` |
| `p1/v1.2.3` | `p1/v(\d.\d.\d)` | `1` | `1.2.3` |
Extended attributes and default values:
@ -625,6 +626,22 @@ tags: |
## Notes
### Image name and tag sanitization
In order to comply with [the specification](https://docs.docker.com/engine/reference/commandline/tag/#extended-description),
the image name components may contain lowercase letters, digits and separators.
A separator is defined as a period, one or two underscores, or one or more
dashes. A name component may not start or end with a separator.
A tag name must be a valid ASCII chars sequences and may contain lowercase and
uppercase letters, digits, underscores, periods and dashes. A tag name may not
start with a period or a dash and may contain a maximum of 128 characters.
To ease the integration in your workflow, this action will automatically:
* Lowercase the image name
* Replace invalid chars sequences with `-` for tags
### Latest tag
`latest` tag is handled through the [`flavor` input](#flavor-input). It will be generated by default (`auto` mode) for:

View file

@ -53,7 +53,7 @@ describe('transform', () => {
[
`name=name/bar`,
`name/foo,enable=false`,
`name=ghcr.io/name/foo,enable=true`
`name=ghcr.io/UserName/Foo,enable=true`
],
[
{
@ -65,7 +65,7 @@ describe('transform', () => {
enable: false,
},
{
name: `ghcr.io/name/foo`,
name: `ghcr.io/UserName/Foo`,
enable: true,
},
] as Image[],

View file

@ -1277,9 +1277,9 @@ describe('tag', () => {
{
images: ['org/app', 'ghcr.io/user/app'],
tags: [
`type=match,pattern=p1-v(\\d.\\d.\\d),group=1`,
`type=match,pattern=p1-v(\\d.\\d),group=1`,
`type=match,pattern=p1-v(\\d.\\d),group=3`,
`type=match,pattern=p1/v(\\d.\\d.\\d),group=1`,
`type=match,pattern=p1/v(\\d.\\d),group=1`,
`type=match,pattern=p1/v(\\d.\\d),group=3`,
`type=ref,event=pr`,
`type=sha`
]
@ -1316,8 +1316,8 @@ describe('tag', () => {
{
images: ['org/app', 'ghcr.io/user/app'],
tags: [
`type=match,pattern=p1-v(\\d.\\d.\\d),group=1`,
`type=match,pattern=p1-v(\\d.\\d),group=1,suffix=`,
`type=match,pattern=p1/v(\\d.\\d.\\d),group=1`,
`type=match,pattern=p1/v(\\d.\\d),group=1,suffix=`,
`type=ref,event=pr`,
`type=sha`
],

2
dist/index.js generated vendored

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

View file

@ -22,7 +22,7 @@ export function Transform(inputs: string[]): Image[] {
.split('=')
.map(item => item.trim());
if (parts.length == 1) {
images.push({name: parts[0].toLowerCase(), enable: true});
images.push({name: parts[0], enable: true});
} else {
newformat = true;
break;
@ -46,13 +46,13 @@ export function Transform(inputs: string[]): Image[] {
.split('=')
.map(item => item.trim());
if (parts.length == 1) {
image.name = parts[0].toLowerCase();
image.name = parts[0];
} else {
const key = parts[0].toLowerCase();
const value = parts[1];
switch (key) {
case 'name': {
image.name = value.toLowerCase();
image.name = value;
break;
}
case 'enable': {

View file

@ -224,7 +224,7 @@ export class Meta {
if (tag.attrs['value'].length > 0) {
vraw = this.setGlobalExp(tag.attrs['value']);
} else {
vraw = this.context.ref.replace(/^refs\/tags\//g, '').replace(/\//g, '-');
vraw = this.context.ref.replace(/^refs\/tags\//g, '');
}
let tmatch;
@ -251,7 +251,7 @@ export class Meta {
if (!/^refs\/heads\//.test(this.context.ref)) {
return version;
}
const vraw = this.setValue(this.context.ref.replace(/^refs\/heads\//g, '').replace(/[^a-zA-Z0-9._-]+/g, '-'), tag);
const vraw = this.setValue(this.context.ref.replace(/^refs\/heads\//g, ''), tag);
return Meta.setVersion(version, vraw, this.flavor.latest == 'auto' ? false : this.flavor.latest == 'true');
}
@ -259,7 +259,7 @@ export class Meta {
if (!/^refs\/tags\//.test(this.context.ref)) {
return version;
}
const vraw = this.setValue(this.context.ref.replace(/^refs\/tags\//g, '').replace(/\//g, '-'), tag);
const vraw = this.setValue(this.context.ref.replace(/^refs\/tags\//g, ''), tag);
return Meta.setVersion(version, vraw, this.flavor.latest == 'auto' ? true : this.flavor.latest == 'true');
}
@ -277,7 +277,7 @@ export class Meta {
return version;
}
const val = this.context.ref.replace(/^refs\/heads\//g, '').replace(/[^a-zA-Z0-9._-]+/g, '-');
const val = this.context.ref.replace(/^refs\/heads\//g, '');
if (tag.attrs['branch'].length == 0) {
tag.attrs['branch'] = this.repo.default_branch;
}
@ -357,20 +357,20 @@ export class Meta {
if (!/^refs\/heads\//.test(ctx.ref)) {
return '';
}
return ctx.ref.replace(/^refs\/heads\//g, '').replace(/[^a-zA-Z0-9._-]+/g, '-');
return ctx.ref.replace(/^refs\/heads\//g, '');
},
tag: function () {
if (!/^refs\/tags\//.test(ctx.ref)) {
return '';
}
return ctx.ref.replace(/^refs\/tags\//g, '').replace(/\//g, '-');
return ctx.ref.replace(/^refs\/tags\//g, '');
},
sha: function () {
return ctx.sha.substr(0, 7);
},
base_ref: function () {
if (/^refs\/tags\//.test(ctx.ref) && ctx.payload?.base_ref != undefined) {
return ctx.payload.base_ref.replace(/^refs\/heads\//g, '').replace(/\//g, '-');
return ctx.payload.base_ref.replace(/^refs\/heads\//g, '');
}
// FIXME: keep this for backward compatibility even if doesn't always seem
// to return the expected branch. See the comment below.
@ -413,7 +413,7 @@ export class Meta {
if (!image.enable) {
continue;
}
images.push(image.name);
images.push(Meta.sanitizeImageName(image.name));
}
return images;
}
@ -424,12 +424,13 @@ export class Meta {
}
const tags: Array<string> = [];
for (const imageName of this.getImageNames()) {
tags.push(`${imageName}:${this.version.main}`);
tags.push(`${imageName}:${Meta.sanitizeTag(this.version.main)}`);
for (const partial of this.version.partial) {
tags.push(`${imageName}:${partial}`);
tags.push(`${imageName}:${Meta.sanitizeTag(partial)}`);
}
if (this.version.latest) {
tags.push(`${imageName}:${this.flavor.prefixLatest ? this.flavor.prefix : ''}latest${this.flavor.suffixLatest ? this.flavor.suffix : ''}`);
const latestTag = `${this.flavor.prefixLatest ? this.flavor.prefix : ''}latest${this.flavor.suffixLatest ? this.flavor.suffix : ''}`;
tags.push(`${imageName}:${Meta.sanitizeTag(latestTag)}`);
}
}
return tags;
@ -495,4 +496,12 @@ export class Meta {
return bakeFile;
}
private static sanitizeImageName(name: string): string {
return name.toLowerCase();
}
private static sanitizeTag(tag: string): string {
return tag.replace(/[^a-zA-Z0-9._-]+/g, '-');
}
}