mirror of
https://github.com/streamyfin/streamyfin.git
synced 2026-06-02 03:58:36 +01:00
From the workflow security audit:
- symlink-native-dirs.js: drop the execSync shell strings for fs.symlink/mkdir (removes a latent shell-injection surface; also clears dead commented code).
- automerge.sh: add 'set -euo pipefail' and restore the starting branch on exit so a mid-merge failure can't leave the repo on the wrong branch.
- conflict.yml: document that this pull_request_target workflow must never check out or run PR-head code (it only labels via the API today).
23 lines
592 B
Bash
Executable File
#!/bin/bash
# Local helper: fast-forward master into develop and back. Aborts on any failure and
# restores the branch you started on. Not used in CI.
set -euo pipefail

if [[ -n $(git status --porcelain) ]]; then
  echo "Error: working tree is not clean — commit or stash first." >&2
  exit 1
fi

start_branch=$(git rev-parse --abbrev-ref HEAD)
trap 'git checkout "$start_branch" >/dev/null 2>&1 || true' EXIT

git checkout master
git pull --ff-only
git checkout develop
git merge master
git push --follow-tags
git checkout master
git merge develop --ff-only
git push
git checkout develop
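The strict-mode and restore-on-exit behaviour the script relies on can be checked in a throwaway repository. The following is an added example, not code from the repository: `make_repo`, `run_sync`, the `feature` branch, the `strict`/`legacy` switch and the nonexistent ref `no-such-ref` are all constructed for the demonstration, and the merge sequence is shortened with no remote involved.

```shell
#!/bin/bash
# Added example (not from the repository): checks which branch a failed run ends on.

# Hypothetical helper: scratch repo with master and develop, left on "feature".
make_repo() {
  dir=$(mktemp -d)
  {
    git -C "$dir" init -q
    git -C "$dir" symbolic-ref HEAD refs/heads/master
    git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false commit -q --allow-empty -m init
    git -C "$dir" branch develop
    git -C "$dir" checkout -q -b feature
  } >/dev/null 2>&1
  echo "$dir"
}

# $1 = repo, $2 = strict|legacy. Runs a shortened merge sequence in a child bash
# whose merge step always fails, then reports the branch the repo was left on.
run_sync() {
  bash -s "$1" "$2" <<'EOF' >/dev/null 2>&1 || true
cd "$1"
if [ "$2" = strict ]; then
  set -euo pipefail
  start_branch=$(git rev-parse --abbrev-ref HEAD)
  trap 'git checkout "$start_branch" >/dev/null 2>&1 || true' EXIT
fi
git checkout master
git checkout develop
git merge no-such-ref   # constructed failure: the ref does not exist
git checkout master     # reached only when errors are ignored
EOF
  git -C "$1" rev-parse --abbrev-ref HEAD
}

repo=$(make_repo)
echo "strict: $(run_sync "$repo" strict)"   # strict: feature
echo "legacy: $(run_sync "$repo" legacy)"   # legacy: master
rm -rf "$repo"
```

The constructed failure is an unknown ref, which leaves the index clean; a merge that stops on conflicts is a different state and is not exercised here.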