10up / safe-svg

Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.
https://wordpress.org/plugins/safe-svg/
GNU General Public License v2.0

Stop distributing development files #143

Closed szepeviktor closed 2 months ago

szepeviktor commented 1 year ago

Resolves #97

Here is how to test.

git archive HEAD | tar --list

szepeviktor commented 1 year ago

💡 There is a safeguard for this problem. https://github.com/szepeviktor/byte-level-care/blob/61ca4439630a47d4e6946173a369270a4729bfb2/.github/workflows/reusable-integrity.yml#L160-L171
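
A CI check built on the `git archive HEAD | tar --list` test above, as an added example that is not code from this thread, from the linked workflow, or from safe-svg. The deny-list patterns, the function names and the sample file names are constructed assumptions.

```shell
#!/bin/sh
# Added example: fail a build when development files show up in the archive
# that `git archive` would ship. Paths marked `export-ignore` in
# .gitattributes are left out of that archive; this verifies the result.

# Constructed deny-list (assumption): adapt it to the project's own layout.
DEV_PATTERNS='.github/* .gitattributes .gitignore .distignore tests/*
phpunit.xml* phpcs.xml* package.json package-lock.json composer.lock'

# Reads an archive listing (one path per line) on stdin, prints every path
# that matches DEV_PATTERNS, and exits 1 if any matched, 0 if none did.
find_dev_files() (
    set -f                      # keep the patterns from globbing the cwd
    found=0
    while IFS= read -r path || [ -n "$path" ]; do
        path=${path#./}
        for pat in $DEV_PATTERNS; do
            case $path in
                $pat) printf '%s\n' "$path"; found=1; break ;;
            esac
        done
    done
    exit "$found"
)

# Lists what `git archive` would export for a ref and checks it.
# Returns 2 when the archive cannot be listed, so a failed export is
# never reported as a clean one.
check_ref() {
    listing=$(git archive "${1:-HEAD}" | tar -tf -) || return 2
    [ -n "$listing" ] || return 2
    printf '%s\n' "$listing" | find_dev_files
}

# Constructed listing standing in for `git archive HEAD | tar --list` output.
sample_listing() {
    printf '%s\n' plugin.php includes/sanitizer.php composer.json \
        .github/workflows/test.yml tests/unit/test-sanitizer.php phpunit.xml.dist
}

if leaked=$(sample_listing | find_dev_files); then
    echo "archive is clean"
else
    echo "development files in archive:"; echo "$leaked"
fi
```

In a repository, `check_ref HEAD` runs the same check against the real export and exits non-zero when a listed path matches the deny-list.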

peterwilsoncc commented 1 year ago

@szepeviktor Thanks for the pull request and linking to your workflow file.

The generated zip file contains a few files that are listed in the .gitignore file. By default git archive ignores these files. Do you know if there is a method that will allow safe-svg to include these files when generating the zip file via git archive?

The affected files are:

I've hit a few road-blocks trying to figure it out, so would value any input.

szepeviktor commented 1 year ago

do you know if there is a method that will allow safe-svg to include these files

There is an option for that: https://git-scm.com/docs/git-archive#Documentation/git-archive.txt---add-fileltfilegt

BTW .gitignore is unrelated to .gitattributes

jeffpaul commented 10 months ago

Isn't this covered by the .distignore file?

szepeviktor commented 10 months ago

Maybe. Composer uses GitHub ZIP; those are not affected by distignore.

jeffpaul commented 2 months ago

Closing in favor of alternate handling of #97 in #220.