easingthemes / ssh-deploy

GitHub Action for deploying code via rsync over ssh. (with NodeJS)
MIT License

TARGET should not have a default value #176

Closed ashermiddleton closed 3 months ago

ashermiddleton commented 9 months ago

As mentioned in #145, if the TARGET argument is unspecified then the action should exit and return an error before any changes are made to the filesystem. In other words, TARGET should not have a default value. If TARGET is assigned to a non-existent GitHub secret or empty variable, then it will proceed to work in the /home/REMOTE_USER directory, in accordance with the docs:

TARGET (optional, default '/home/REMOTE_USER/')

I think it's clear to see why this behaviour is extremely dangerous, as the suggested workflow rsync args will cause the recursive removal of all files and directories in the home directory as well as placing the files in the wrong directory. Even if the docs for this action are read thoroughly and rsync args are handcrafted, if a GitHub secret is removed by accident and this workflow runs then it's likely going to cause headaches. TARGET should always be explicitly defined to prevent this.

Relevant code, src/inputs.js#L14

EDIT: Wording, relevant line
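
An added example, not part of the original issue and not code from ssh-deploy: one way to make a missing TARGET fail before anything runs on the remote host. The helper names requireTarget and normalizePosix, the user name deploy and the list of refused directories are assumptions; refusing the home directory itself goes beyond what the issue asks for.

```javascript
// Fail-closed validation for a deploy target (hypothetical helpers, not the
// project's own code). Remote paths are POSIX, so they are handled as strings.

// Collapse "//", "." and ".." segments of an absolute POSIX path.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// Returns the normalized target, or throws before any remote command is built.
function requireTarget(rawTarget, remoteUser) {
  // A removed GitHub secret or unset variable arrives as an empty string.
  const target = (rawTarget || '').trim();
  if (target === '') {
    throw new Error('TARGET is required and has no default; refusing to deploy');
  }
  if (!target.startsWith('/')) {
    throw new Error(`TARGET must be an absolute path, got "${target}"`);
  }
  const normalized = normalizePosix(target);
  // Assumed policy: directories where a sync that deletes files is too destructive.
  const refused = ['/', '/home', '/root', `/home/${remoteUser}`];
  if (refused.includes(normalized)) {
    throw new Error(`TARGET "${normalized}" is too broad for a sync that deletes files`);
  }
  return normalized;
}

// Wrapper that reports the decision instead of throwing.
function check(raw) {
  try {
    return requireTarget(raw, 'deploy');
  } catch (err) {
    return `rejected: ${err.message}`;
  }
}

// Constructed sample values, as a workflow might pass them.
const samples = ['', '   ', 'www', '/home/deploy/', '/home/deploy/app/../', '/var/www/site'];
for (const raw of samples) {
  console.log(JSON.stringify(raw), '->', check(raw));
}
```
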

github-actions[bot] commented 3 months ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.