Fix bug in skipTests by ll5zh · Pull Request #5863 · dockstore/dockstore · GitHub

Fix bug in skipTests #5863

Merged
merged 9 commits into from
Apr 5, 2024

ll5zh
Contributor
@ll5zh ll5zh commented Apr 4, 2024

Description
[skipTests] has a bug regarding double quotes in commit messages, discovered in this run: https://app.circleci.com/pipelines/github/dockstore/dockstore/11103/workflows/32fc7c3e-7ef6-4349-86a1-57993fec2401/jobs/42460. It looks like the command fails to process the " characters literally, causing syntax errors when exporting COMMIT_MESSAGE.

Adding a command that substitutes instances of " with \" seems to resolve the issue, by escaping all double quotes (see https://app.circleci.com/pipelines/github/dockstore/dockstore/11107/workflows/76244033-1d18-4bb7-b748-6e76cdfb6fff/jobs/42481). On this branch, I also tried commit messages containing different special characters, to check that they can be properly exported as COMMIT_MESSAGE.

Review Instructions
From config.yml and the test commits, verify that commit messages containing double quotes (and other common, non-alphanumeric characters) are exported correctly (i.e. COMMIT_MESSAGE should be outputted properly).

Are there any other special characters that might be found in commit messages, which haven't been attempted and might cause similar issues to the double quote?

Issue
SEAB-5015
(https://oicr.slack.com/archives/C05EZH3RVNY/p1712251398680789)

Security and Privacy

If there are any concerns that require extra attention from the security team, highlight them here and check the box when complete.

  • Security and Privacy assessed

e.g. Does this change...

  • Any user data we collect, or data location?
  • Access control, authentication or authorization?
  • Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

  • Check that you pass the basic style checks and unit tests by running mvn clean install
  • Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
  • Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
  • If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
  • Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
  • Do not serve user-uploaded binary images through the Dockstore API
  • Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
  • Do not create cookies, although this may change in the future
  • If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

@ll5zh ll5zh self-assigned this Apr 4, 2024
codecov bot commented Apr 4, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.52%. Comparing base (c3fd1cb) to head (32e3903).
Report is 2 commits behind head on develop.

Additional details and impacted files
@@              Coverage Diff               @@
##             develop    #5863       +/-   ##
==============================================
+ Coverage      61.78%   74.52%   +12.74%     
- Complexity      4277     5274      +997     
==============================================
  Files            369      369               
  Lines          19056    19056               
  Branches        2025     2025               
==============================================
+ Hits           11774    14202     +2428     
+ Misses          6300     3893     -2407     
+ Partials         982      961       -21     
Flag Coverage Δ
bitbuckettests 27.06% <ø> (ø)
integrationtests 58.55% <ø> (+23.67%) ⬆️
languageparsingtests 11.00% <ø> (?)
localstacktests 21.57% <ø> (?)
toolintegrationtests 30.41% <ø> (ø)
unit-tests_and_non-confidential-tests 28.89% <ø> (ø)
workflowintegrationtests 38.64% <ø> (ø)


@@ -116,7 +116,7 @@ jobs:
- run:
name: evaluate [skipTests] condition
command: |
echo "export COMMIT_MESSAGE=\"$(git log --format=oneline -n 1 $CIRCLE_SHA1)\"" >> $BASH_ENV
echo "export COMMIT_MESSAGE=\"$(git log --format=oneline -n 1 $CIRCLE_SHA1 | sed 's/\"/\\\"/g')\"" >> $BASH_ENV
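
Review bot: The `sed 's/\"/\\\"/g'` on the replacement `echo` line escapes only `"`, but the value is still written between double quotes, so when `$BASH_ENV` is sourced a commit subject containing `$`, a backtick or a backslash is still interpreted by the shell (a subject ending in `\` also swallows the closing quote). Commit subjects come from whoever authors the commit, so treat this as shell injection into the CI environment rather than only a parsing glitch. Suggest writing the value single-quoted, with each embedded `'` rewritten as `'\''`, or via bash's `printf '%q'`, and quoting `$CIRCLE_SHA1` and `$BASH_ENV` while the line is being touched.
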
Contributor

I think this fix will break if the commit message contains a $, because we'll end up sourcing a line that looks something like:

export COMMIT_MESSAGE="this is a $test"

which will try to substitute the value of the test variable. Of course, a commit message like that isn't likely, until we change the code to be vulnerable, then it'll happen the next day, lol.

Could we directly set COMMIT_MESSAGE, without appending it to the BASH_ENV file? Something like

export COMMIT_MESSAGE="$(git log --format=oneline -n 1 $CIRCLE_SHA1)"
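
The failure mode raised in the review comment above, as an added example that is not part of this PR or the Dockstore repository: it writes an `export COMMIT_MESSAGE=...` line to a file two ways, sources the file, and checks whether the message came back unchanged. The function names and the sample commit subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and commit subjects are constructed.

# Quote for re-parsing by a POSIX shell: wrap in '...' and turn each ' into '\''
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Approach in the PR: escape only ", store the value inside "..."
write_env_sed() {      # $1 = message, $2 = env file
    printf 'export COMMIT_MESSAGE="%s"\n' \
        "$(printf '%s' "$1" | sed 's/"/\\"/g')" > "$2"
}

# Hardened: single-quoted value, so sourcing expands nothing
write_env_quoted() {   # $1 = message, $2 = env file
    printf 'export COMMIT_MESSAGE=%s\n' "$(sh_quote "$1")" > "$2"
}

# Source the file in a subshell and print what COMMIT_MESSAGE became
read_back() {
    ( unset COMMIT_MESSAGE; . "$1"; printf '%s' "$COMMIT_MESSAGE" ) 2>/dev/null
}

# Return 0 only if the message survives the write + source round trip
roundtrips() {         # $1 = writer function, $2 = message
    f=$(mktemp) || return 2
    "$1" "$2" "$f"
    got=$(read_back "$f") || true
    rm -f "$f"
    [ "$got" = "$2" ]
}

for msg in 'fix "quoted" flag' 'this is a $test' 'trailing backslash \'; do
    for w in write_env_sed write_env_quoted; do
        if roundtrips "$w" "$msg"; then r=preserved; else r=ALTERED; fi
        printf '%-17s %-24s %s\n' "$w" "$msg" "$r"
    done
done
```

In a CI step the same quoting would be appended (`>>`) to `$BASH_ENV` instead of written to a temporary file.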

sonarqubecloud bot commented Apr 4, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

@svonworl svonworl self-requested a review April 4, 2024 22:45
@ll5zh ll5zh merged commit 5bcd358 into develop Apr 5, 2024
@ll5zh ll5zh deleted the seab-5015/skip-bug branch April 5, 2024 13:15