Copilot AI commented Jan 19, 2026

  • Fix defer statement in test loop (artifact_test.go:30-35) - use t.Setenv
  • Add artifact name sanitization (artifact.go:166)
  • Use cmd.Context() instead of context.Background() (gha.go:115)
  • Increase HTTP timeout for large artifacts (artifact.go:70-71)
  • Fix Zip Slip vulnerability in extractZip (artifact.go:229-230)
  • Add size limit check for artifact downloads (artifact.go:202)
  • Fix defer in loop for temp directory cleanup (gha.go:158-183)
  • Add unit tests for artifact collector functions
  • Fix ignored JSON marshal error (gha.go:200)
  • Add authentication to API requests (uploader.go:91-92)
  • Add txnID validation (uploader.go:123)
  • Fix error handling for os.MkdirAll (artifact.go:233)
  • Use safe file permissions in extractZip (artifact.go:241)
  • Fix file handle closing in extractZip (artifact.go:248-258)
  • Add unit tests for uploader functions
  • Optimize regex compilation performance

Copilot AI and others added 3 commits January 19, 2026 11:16
…tegration

- Fix defer in test loop using t.Setenv
- Add artifact name sanitization to prevent path traversal
- Use cmd.Context() for proper cancellation propagation
- Increase HTTP timeout to 10 minutes for large artifacts
- Fix Zip Slip vulnerability with path validation
- Add size limit check (1GB max) for artifact downloads
- Fix defer in loop for temp directory cleanup
- Fix ignored JSON marshal error in output
- Add authentication support via VULNETIX_API_KEY
- Add txnID validation with alphanumeric regex
- Fix file handle closing with proper error handling
- Use safe file permissions (0644/0755) instead of zip entry permissions

Co-authored-by: 0x73746F66 <93355168+0x73746F66@users.noreply.github.com>

- Test sanitizeArtifactName function with various inputs
- Test ListArtifacts with mock HTTP server
- Test Zip Slip vulnerability protection
- Test valid zip extraction with safe permissions
- Test artifact size limit enforcement
- Test successful artifact download and extraction
- Test validateTxnID function with various inputs
- Test authentication header injection
- Test transaction initiation with mock server
- Test artifact upload with multipart form data
- Test transaction and artifact status retrieval
- Test error handling for invalid inputs

Co-authored-by: 0x73746F66 <93355168+0x73746F66@users.noreply.github.com>

- Move artifact name sanitization regex to package-level variable
- Move transaction ID validation regex to package-level variable
- Remove redundant file mode condition in extractZip

These changes improve performance by compiling regex patterns once at
package initialization instead of on every function call.

Co-authored-by: 0x73746F66 <93355168+0x73746F66@users.noreply.github.com>

@0x73746F66 0x73746F66 marked this pull request as ready for review January 19, 2026 11:21
@0x73746F66 0x73746F66 merged commit c8ec1ea into claude/add-gha-artifact-upload-K2QNM Jan 19, 2026
Copilot AI requested a review from 0x73746F66 January 19, 2026 11:22
Copilot stopped work on behalf of 0x73746F66 due to an error January 19, 2026 11:22
@0x73746F66 0x73746F66 deleted the copilot/sub-pr-137 branch January 19, 2026 11:23
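
The extraction hardening listed in the commits above (Zip Slip path validation, fixed 0644/0755 permissions, a size limit, per-entry handle closing), as an added example that is not the code from this pull request. The names `safeJoin` and `extractEntry` are hypothetical, and `filepath.IsLocal` assumes Go 1.20 or later.

```go
package main

import (
	"archive/zip"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// safeJoin (hypothetical helper) rejects absolute or ".."-escaping entry names.
func safeJoin(dest, name string) (string, error) {
	if !filepath.IsLocal(name) { // lexical check, Go 1.20+
		return "", fmt.Errorf("illegal path in archive: %q", name)
	}
	return filepath.Join(dest, name), nil
}

// extractEntry (hypothetical) writes one entry under dest with fixed modes
// (0755 dirs, 0644 files) and fails once more than budget bytes are read.
func extractEntry(f *zip.File, dest string, budget int64) (int64, error) {
	target, err := safeJoin(dest, f.Name)
	if err != nil || f.FileInfo().IsDir() {
		return 0, err // directories are created as parents of files below
	}
	if err := os.MkdirAll(filepath.Dir(target), 0755); err != nil {
		return 0, err
	}
	rc, err := f.Open()
	if err != nil {
		return 0, err
	}
	defer rc.Close() // one entry per call, so defers never pile up in a loop
	out, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
	if err != nil {
		return 0, err
	}
	n, err := io.Copy(out, io.LimitReader(rc, budget+1)) // caps the real stream, not the declared size
	if cerr := out.Close(); err == nil {
		err = cerr // surface write errors reported only at Close
	}
	if err == nil && n > budget {
		err = fmt.Errorf("%q exceeds the remaining size budget", f.Name)
	}
	return n, err
}

func main() {
	fmt.Println(safeJoin("out", "../evil.txt")) // constructed hostile name
}
```

A caller loops over `zr.File`, subtracts each returned byte count from the remaining budget, and deletes the destination directory on the first error.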