diff --git a/.changeset/drop-setup-command-input.md b/.changeset/drop-setup-command-input.md
new file mode 100644
index 0000000000..a845151cc8
--- /dev/null
+++ b/.changeset/drop-setup-command-input.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.github/workflows/benchmark-community-world.yml b/.github/workflows/benchmark-community-world.yml
index 59ea72b424..a15b29a27e 100644
--- a/.github/workflows/benchmark-community-world.yml
+++ b/.github/workflows/benchmark-community-world.yml
@@ -34,11 +34,6 @@ on:
 required: false
 type: string
 default: 'none'
- setup-command:
- description: 'Setup command to run after installing the world package'
- required: false
- type: string
- default: ''
 full-suite:
 description: 'Run full benchmark suite including long-running tests'
 required: false
@@ -116,14 +111,18 @@ jobs:
 WORLD_PACKAGE: ${{ inputs.world-package }}
 run: pnpm --filter "$APP_NAME" add "$WORLD_PACKAGE"
- - name: Run setup command
- if: ${{ inputs.setup-command != '' }}
+ # Per-world setup. Hardcoded (not taken from the matrix) so a malicious
+ # fork PR cannot smuggle arbitrary shell through matrix.world.setup-command.
+ - name: Per-world setup
 env:
 APP_NAME: ${{ inputs.app-name }}
- SETUP_COMMAND: ${{ inputs.setup-command }}
+ WORLD_ID: ${{ inputs.world-id }}
 run: |
 cd "workbench/$APP_NAME"
- eval "$SETUP_COMMAND"
+ case "$WORLD_ID" in
+ turso) pnpm exec workflow-turso-setup ;;
+ *) echo "No setup required for $WORLD_ID" ;;
+ esac
 - name: Resolve symlinks
 env:
diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml
index 0514692c72..74098f9e43 100644
--- a/.github/workflows/benchmarks.yml
+++ b/.github/workflows/benchmarks.yml
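Review bot: In the second hunk of `benchmark-community-world.yml`, the `turso)` branch runs `pnpm exec workflow-turso-setup`, a binary presumably supplied by the package that the preceding step installs with `pnpm --filter "$APP_NAME" add "$WORLD_PACKAGE"`. The callers still fill `world-package` from `matrix.world.package`, so under the threat model stated in the new comment the package spec is as untrusted as the removed `setup-command` was, and the callers pass `secrets: inherit`. Consider checking `inputs.world-package` against a fixed per-world value before the install step, and extend the comment with something like `# workflow-turso-setup comes from the installed world package; world-package must be allowlisted too`. The same step is added in `e2e-community-world.yml`. The job body continues outside both hunks, so which secrets or triggers actually reach this step cannot be confirmed from here.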
@@ -461,7 +461,6 @@ jobs:
 world-package: ${{ matrix.world.package }}
 service-type: ${{ matrix.world.service-type }}
 env-vars: ${{ matrix.world.env-vars }}
- setup-command: ${{ matrix.world.setup-command }}
 # Run full suite only when manually triggered with full_suite=true
 full-suite: ${{ (github.event_name == 'workflow_dispatch' && inputs.full_suite) || contains(github.event.pull_request.labels.*.name, 'stress-test') }}
 secrets: inherit
diff --git a/.github/workflows/e2e-community-world.yml b/.github/workflows/e2e-community-world.yml
index 8a70b934a0..50558593b7 100644
--- a/.github/workflows/e2e-community-world.yml
+++ b/.github/workflows/e2e-community-world.yml
@@ -34,11 +34,6 @@ on:
 required: false
 type: string
 default: 'none'
- setup-command:
- description: 'Setup command to run after installing the world package'
- required: false
- type: string
- default: ''
 jobs:
 e2e:
@@ -112,14 +107,18 @@ jobs:
 WORLD_PACKAGE: ${{ inputs.world-package }}
 run: pnpm --filter "$APP_NAME" add "$WORLD_PACKAGE"
- - name: Run setup command
- if: ${{ inputs.setup-command != '' }}
+ # Per-world setup. Hardcoded (not taken from the matrix) so a malicious
+ # fork PR cannot smuggle arbitrary shell through matrix.world.setup-command.
+ - name: Per-world setup
 env:
 APP_NAME: ${{ inputs.app-name }}
- SETUP_COMMAND: ${{ inputs.setup-command }}
+ WORLD_ID: ${{ inputs.world-id }}
 run: |
 cd "workbench/$APP_NAME"
- eval "$SETUP_COMMAND"
+ case "$WORLD_ID" in
+ turso) pnpm exec workflow-turso-setup ;;
+ *) echo "No setup required for $WORLD_ID" ;;
+ esac
 - name: Resolve symlinks
 env:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 041fd1762a..c9f969070e 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
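Review bot: The `*)` branch of the new `case "$WORLD_ID"` in `e2e-community-world.yml` reports "No setup required" for every unrecognised world, so a community world whose manifest entry still defines `setup` is skipped silently and will only fail later in the run. `create-community-worlds-matrix.mjs` no longer forwards that field, so nothing else flags the omission. Consider making the default branch say what actually happened, e.g. `*) echo "::notice::No hardcoded setup step for this world-id" ;;`, and have the matrix script reject or warn on entries that still carry `setup`. The block is also duplicated verbatim in `benchmark-community-world.yml`; keeping it in a single script under `scripts/` that both workflows call would leave one allowlist to review.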
@@ -731,7 +731,6 @@ jobs:
 world-package: ${{ matrix.world.package }}
 service-type: ${{ matrix.world.service-type }}
 env-vars: ${{ matrix.world.env-vars }}
- setup-command: ${{ matrix.world.setup-command }}
 secrets: inherit
 # Final job: Aggregate all E2E results and update PR comment
diff --git a/scripts/create-community-worlds-matrix.mjs b/scripts/create-community-worlds-matrix.mjs
index 75b3aec8b1..de156bf5d6 100644
--- a/scripts/create-community-worlds-matrix.mjs
+++ b/scripts/create-community-worlds-matrix.mjs
@@ -63,7 +63,6 @@ const matrix = {
 package: world.package,
 'service-type': serviceType,
 'env-vars': JSON.stringify(world.env || {}),
- 'setup-command': world.setup || '',
 };
 }),
 };