ignore all hidden files when creating zip #102
Conversation
| run: if [ $(find artifact2 -type l | wc -l) != 0 ]; then echo "Symlinks found"; exit 1; fi | ||
| shell: bash | ||
|
|
||
| - name: Check for absence of hidden files |
There was a problem hiding this comment.
addtional change required ^ to generate hidden file, otherwise it test nothing :)
|
Sorry, but how should I upload the hidden files which is essential? |
|
@douyixuan For now if you opt to use this Action hidden files will be ignored. If you require these hidden files to be part of your project you may opt to not use this Action and instead utilize a different method to upload your files https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation. |
|
I just pulled this in via v4.0.0 without noticing that this was changed, and my site lost its It seems pretty retrictive to not provide any way to do this other than to manually create tarballs. Can an option be provided to control this? Or at least emit some sort of warning when a file was omitted so people are aware that this happened? |
|
I definitely appreciate the security-related goal here, but I have to second @jakebailey’s comment. |
|
I opened #129 to discuss outside a PR 😄 |
actions/upload-pages-artifact v4に入ってくる actions/upload-pages-artifact#102 により、多分次のファイルがGitHub Pages に含まれなくなる。それ以外は特に何もないはず。 - /voicevox_core/apis/python_api/.doctrees/** - /voicevox_core/apis/python_api/.buildinfo - /voicevox_core/apis/rust_api/.lock
They included a change which ignores all hidden files, just based off if it starts with a . We obviously want to publish a .well-known dir. See: actions/upload-pages-artifact#129 and: actions/upload-pages-artifact#102
The recent update to v4 included a change which ignores all hidden files We obviously want to publish a .well-known dir, so for now we can just downgrade. See: actions/upload-pages-artifact#129 and: actions/upload-pages-artifact#102
In upload-pages-artifact@v4 the maintainers have made the curious decision to omit hidden files (files whose names begin with ".") from the site that gets deployed to GitHub Pages and to provide no way to include a hidden file (at least "for now"), even though static sites may of course want to include files whose names begin with "." actions/upload-pages-artifact#102 Work around this in by creating the "artifact" (tar file) ourselves and uploading it using the upload-artifact action, as suggested in the upload-pages-artifact PR linked above.
In upload-pages-artifact@v4 the maintainers have made the curious decision to omit hidden files (files whose names begin with ".") from the site that gets deployed to GitHub Pages and to provide no way to include a hidden file (at least "for now"), even though static sites may of course want to include files whose names begin with "." actions/upload-pages-artifact#102 Work around this in by creating the "artifact" (tar file) ourselves and uploading it using the upload-artifact action, as suggested in the upload-pages-artifact PR linked above.
In the upload-artifact action it excludes hidden files that could lead to sensitive data. After talking with the actions team, even though we utilize this action at the very end we upload a
.tarfileupload-pages-artifact/action.yml
Line 80 in 1780dfc
.tar.