search

hbstack / revision

HB revision module describe page with extra info, such as the created, modified dates and so on.
https://hbstack.dev/
MIT License
2 stars 2 forks source link

"GITHUB_TOKEN" is not whitelisted in policy "security.funcs.getenv" #107

Closed FuadEfendi closed 3 weeks ago

FuadEfendi commented 3 weeks ago

I am not sure about that, happens at Netlify,

6:19:59 PM: Error: error building site: render: failed to render pages: render of "home" failed: "/opt/build/repo/layouts/docs/list.html:11:11": execute of template failed: template: docs/list.html:11:11: executing "main" at <partial "hb/modules/docs/section" .>: error calling partial: "/opt/build/cache/hugo_cache/modules/filecache/modules/pkg/mod/github.com/hbstack/docs@v0.20.1/layouts/partials/hb/modules/docs/section.html:17:3": execute of template failed: template: partials/hb/modules/docs/section.html:17:3: executing "partials/hb/modules/docs/section.html" at <partial "hugopress/functions/render-hooks" (dict "Page" . "Name" "hb-docs-doc-content-end")>: error calling partial: "/opt/build/cache/hugo_cache/modules/filecache/modules/pkg/mod/github.com/hugomods/hugopress@v0.5.0/layouts/partials/hugopress/functions/render-hooks.html:34:8": execute of template failed: template: partials/hugopress/functions/render-hooks.html:34:8: executing "partials/hugopress/functions/render-hooks.html" at <partial .partial $ctx>: error calling partial: "/opt/build/cache/hugo_cache/modules/filecache/modules/pkg/mod/github.com/hbstack/docs/modules/revision@v0.1.0/layouts/partials/hugopress/modules/hb-docs-revision/hooks/hb-docs-doc-content-end.html:1:4": execute of template failed: template: partials/hugopress/modules/hb-docs-revision/hooks/hb-docs-doc-content-end.html:1:4: executing "partials/hugopress/modules/hb-docs-revision/hooks/hb-docs-doc-content-end.html" at <partial "hb/modules/revision/index" .Page>: error calling partial: "/opt/build/cache/hugo_cache/modules/filecache/modules/pkg/mod/github.com/hbstack/revision@v0.6.6/layouts/partials/hb/modules/revision/index.html:33:15": execute of template failed: template: partials/hb/modules/revision/index.html:33:15: executing "partials/hb/modules/revision/index.html" at <getenv "GITHUB_TOKEN">: error calling getenv: access denied: "GITHUB_TOKEN" is not whitelisted in policy "security.funcs.getenv"; the current security configuration is:
6:19:59 PM: [security]
6:19:59 PM:   enableInlineShortcodes = false
6:19:59 PM:   [security.exec]
6:19:59 PM:     allow = ['^(dart-)?sass(-embedded)?$', '^go$', '^git$', '^npx$', '^postcss$', '^tailwindcss$']
6:19:59 PM:     osEnv = ['(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+|(XDG_CONFIG_)?HOME|USERPROFILE|SSH_AUTH_SOCK|DISPLAY|LANG|SYSTEMDRIVE)$']
6:19:59 PM:   [security.funcs]
6:19:59 PM:     getenv = ['^HUGO', 'CI$', 'PWD']
6:19:59 PM:   [security.http]
6:19:59 PM:     methods = ['(?i)GET|POST']
6:19:59 PM:     urls = ['.*']
6:19:59 PM: ​
6:19:59 PM: "build.command" failed                                        
6:19:59 PM: ────────────────────────────────────────────
razonyang commented 3 weeks ago

Seems a bug if you're not enable the hb.revision.repo_contributors parameter.

A quick workaround is to append the GITHUB_TOKEN into security.funcs.getenv whitelist, even it's not used.

// hugo.yaml
security:
  funcs:
    getenv: ['^HUGO', 'CI$', 'PWD', 'GITHUB_TOKEN']

Haven't test, there maybe typo.

Will make a patch later.

FuadEfendi commented 3 weeks ago

Maybe it is misconfigured?

hb:
  revision:
    repo_service: github
    repo_owner: MasteryEducation
    repo_name: FlutterMasteryLibrary.com
    repo_branch: main
    repo_subpath: ''
    repo_contributors: true
    repo_actions: true
    icons: true
    created_at: false
    date_format: ':date_full'
    font_size: '.825rem'

https://github.com/MasteryEducation/FlutterMasteryLibrary.com

FuadEfendi commented 3 weeks ago

Thanks for suggested workaround; it works