diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-18 21:08:05 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-18 21:08:05 +0300 |
commit | 6b5d8b17e28741bccf31029633cc5af7ceab1486 (patch) | |
tree | 38732dffc21a5084b5c3d49b56b81aa11b4e657e /scripts/lib/glfm/update_specification.rb | |
parent | a84995f457d775bb73598d4393c3bc99805d9b58 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'scripts/lib/glfm/update_specification.rb')
-rw-r--r-- | scripts/lib/glfm/update_specification.rb | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/scripts/lib/glfm/update_specification.rb b/scripts/lib/glfm/update_specification.rb index df648f4115b..73c23d40de5 100644 --- a/scripts/lib/glfm/update_specification.rb +++ b/scripts/lib/glfm/update_specification.rb @@ -12,13 +12,35 @@ module Glfm def process output('Updating specification...') - ghfm_spec_txt_lines = download_and_write_ghfm_spec_txt + ghfm_spec_txt_lines = load_ghfm_spec_txt glfm_spec_txt_string = build_glfm_spec_txt(ghfm_spec_txt_lines) write_glfm_spec_txt(glfm_spec_txt_string) end private + def load_ghfm_spec_txt + # We only re-download the GitHub Flavored Markdown specification if the + # UPDATE_GHFM_SPEC_TXT environment variable is set to true, which should only + # ever be done manually and locally, never in CI. This provides some security + # protection against a possible injection attack vector, if the GitHub-hosted + # version of the spec is ever temporarily compromised with an injection attack. + # + # This also avoids doing external network access to download the file + # in CI jobs, which can avoid potentially flaky builds if the GitHub-hosted + # version of the file is temporarily unavailable. + if ENV['UPDATE_GHFM_SPEC_TXT'] == 'true' + download_and_write_ghfm_spec_txt + else + read_existing_ghfm_spec_txt + end + end + + def read_existing_ghfm_spec_txt + output("Reading existing #{GHFM_SPEC_TXT_PATH}...") + File.open(GHFM_SPEC_TXT_PATH).readlines + end + def download_and_write_ghfm_spec_txt output("Downloading #{GHFM_SPEC_TXT_URI}...") ghfm_spec_txt_uri_io = URI.open(GHFM_SPEC_TXT_URI) |