mirror of
https://github.com/streamyfin/streamyfin.git
synced 2026-06-02 03:58:36 +01:00
06510d2bd6
From the workflow security audit: - symlink-native-dirs.js: drop the execSync shell strings for fs.symlink/mkdir (removes a latent shell-injection surface; also clears dead commented code). - automerge.sh: add 'set -euo pipefail' and restore the starting branch on exit so a mid-merge failure can't leave the repo on the wrong branch. - conflict.yml: document that this pull_request_target workflow must never check out or run PR-head code (it only labels via the API today).
29 lines
833 B
JavaScript
29 lines
833 B
JavaScript
#!/usr/bin/env node
|
|
|
|
// Symlinks the platform-specific native dirs to `ios` / `android` depending on EXPO_TV.
|
|
// Uses fs APIs (no shell) so there is no command-injection surface.
|
|
|
|
const fs = require("node:fs");
|
|
const path = require("node:path");
|
|
|
|
const root = process.cwd();
|
|
const isTV = process.env.EXPO_TV && process.env.EXPO_TV !== "0";
|
|
|
|
const links = isTV
|
|
? { ios: path.join(root, "iostv"), android: path.join(root, "androidtv") }
|
|
: {
|
|
ios: path.join(root, "iosmobile"),
|
|
android: path.join(root, "androidmobile"),
|
|
};
|
|
|
|
for (const [link, target] of Object.entries(links)) {
|
|
fs.mkdirSync(target, { recursive: true });
|
|
try {
|
|
fs.unlinkSync(link); // replace an existing symlink/file (ln -nsf)
|
|
} catch {
|
|
// nothing to remove
|
|
}
|
|
fs.symlinkSync(target, link);
|
|
console.log(`${link} -> ${target}`);
|
|
}
|