Skip to content

Commit e35deba

Browse files
committed
apply suggestions
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
1 parent 06cb8e4 commit e35deba

1 file changed

Lines changed: 12 additions & 8 deletions

File tree

hack/update-actions.sh

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
# Scans workflow files for GitHub Actions, resolves the latest release,
33
# and prints the pinned hash reference.
44
#
5-
# Usage: ./scripts/update-actions.sh [--update]
5+
# Usage: ./hack/update-actions.sh [--update]
66
# --update Apply the pinned hashes to the workflow files in-place
77
# Requires: gh (GitHub CLI), authenticated
88

@@ -34,15 +34,17 @@ fi
3434
# Resolve latest release + commit hash for each action
3535
declare -A latest_tag latest_hash
3636

37+
sed_escape_regex() {
38+
printf '%s' "$1" | sed -E 's/[][\\.^$*+?{}()|]/\\&/g'
39+
}
40+
3741
resolve_tag_sha() {
3842
local repo=$1 tag=$2
39-
local ref_obj obj_type obj_sha
40-
41-
ref_obj=$(gh api "repos/$repo/git/ref/tags/$tag" \
42-
--jq '.object' 2>/dev/null) || true
43+
local ref_data obj_type obj_sha
4344

44-
obj_type=$(echo "$ref_obj" | jq -r '.type // empty' 2>/dev/null) || true
45-
obj_sha=$(echo "$ref_obj" | jq -r '.sha // empty' 2>/dev/null) || true
45+
ref_data=$(gh api "repos/$repo/git/ref/tags/$tag" \
46+
--jq '[.object.type // "", .object.sha // ""] | @tsv' 2>/dev/null) || true
47+
read -r obj_type obj_sha <<< "$ref_data"
4648

4749
# Dereference annotated tags to get the commit
4850
if [[ "$obj_type" == "tag" ]]; then
@@ -122,6 +124,8 @@ if [[ "$do_update" == true ]]; then
122124
current="${entry##*@}"
123125
hash="${latest_hash[$entry]}"
124126
tag="${latest_tag[$entry]}"
127+
escaped_repo=$(sed_escape_regex "$repo")
128+
escaped_current=$(sed_escape_regex "$current")
125129

126130
if [[ "$hash" == "(not found)" || "$current" == "$hash" ]]; then
127131
continue
@@ -130,7 +134,7 @@ if [[ "$do_update" == true ]]; then
130134
# Replace repo@current with repo@hash # tag in all workflow files
131135
while IFS= read -r file; do
132136
if grep -q "${repo}@${current}" "$file"; then
133-
sed -i "s|${repo}@${current}|${repo}@${hash} # ${tag}|g" "$file"
137+
sed -i -E "s|${escaped_repo}@${escaped_current}([[:space:]]*#.*)?|${repo}@${hash} # ${tag}|g" "$file"
134138
echo "Updated $repo in $(basename "$file"): ${current} -> ${hash} (${tag})"
135139
updated=$((updated + 1))
136140
fi

0 commit comments

Comments
 (0)