Skip to content

Commit

Permalink
Secure mode no child
Browse files Browse the repository at this point in the history 
Signed-off-by: Prabhu Subramanian <[email protected]>
  • Loading branch information
@prabhu
prabhu committed Feb 1, 2025
1 parent 836c3df commit f027af2
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions .github/workflows/repotests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -739,6 +739,13 @@ jobs:
mkdir -p "~/.rbenv/plugins"
git clone https://github.com/rbenv/ruby-build.git --depth=1 "~/.rbenv/plugins/ruby-build"
if: runner.os != 'Windows'
- name: repotests - no exec
run: |
bin/cdxgen.js -p -t pnpm ${GITHUB_WORKSPACE} --no-recurse -o ${GITHUB_WORKSPACE}/bomresults/bom-self.json --fail-on-error
shell: bash
env:
NODE_OPTIONS: "--permission --allow-fs-read=${{ runner.temp }}/cdxgen-repotests/* --allow-fs-read=${{ github.workspace }}/* --allow-fs-write=${{ github.workspace }}/bomresults/bom-self.json --trace-warnings"
CDXGEN_TEMP_DIR: ${{ runner.temp }}/cdxgen-repotests
- name: repotests
run: |
bin/cdxgen.js -p -t java ${GITHUB_WORKSPACE}/repotests/java-sec-code -o ${GITHUB_WORKSPACE}/bomresults/bom-java-sec-code-1.json --fail-on-error
Expand All @@ -751,10 +758,3 @@ jobs:
env:
NODE_OPTIONS: "--permission --allow-fs-read=/home/runner/* --allow-fs-read=/tmp/* --allow-fs-read=/run/user/1001/* --allow-fs-read=/opt/hostedtoolcache/* --allow-fs-write=/tmp/* --allow-fs-read=/Users/runner/* --allow-fs-read=${{ github.workspace }}/* --allow-fs-write=${{ github.workspace }}/bomresults/*.json --allow-fs-read=${{ runner.temp }}/* --allow-fs-write=${{ runner.temp }}/* --allow-child-process --trace-warnings"
CDXGEN_TEMP_DIR: ${{ runner.temp }}/cdxgen-repotests
- name: repotests - no exec
run: |
bin/cdxgen.js -p -t pnpm ${GITHUB_WORKSPACE} --no-recurse -o ${GITHUB_WORKSPACE}/bomresults/bom-self.json --fail-on-error
shell: bash
env:
NODE_OPTIONS: "--permission --allow-fs-read=/tmp/* --allow-fs-read=/run/user/1001/* --allow-fs-read=/opt/hostedtoolcache/* --allow-fs-read=${{ github.workspace }}/package.json --allow-fs-read=${{ github.workspace }}/pnpm-lock.yaml --allow-fs-write=${{ github.workspace }}/bomresults/bom-self.json --trace-warnings"
CDXGEN_TEMP_DIR: ${{ runner.temp }}/cdxgen-repotests

0 comments on commit f027af2

Please sign in to comment.