-
Notifications
You must be signed in to change notification settings - Fork 736
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug] Explicitly requested hidden files should be uploaded without allowing all hidden files #614
Comments
I agree with the sentiment of the issue, In case it gets decided that the current behaviour is intended (or while discussion about it is on-going), I would suggest that explicitly specified filepaths that end up being ignored should lead to an error or big fat warning telling you about it. There is currently no difference in behaviour between
and not specifying such a path at all, as in,
so in almost every case I can think of, the former is a configuration mistake that should throw up some flags. It currently makes no sense to specify a path with a leading dot without also setting |
I'm disappointed that this hasn't even been discussed on this issue. I love that you are taking security seriously by preventing accidental upload of sensitive data. But it's really disappointing that you are telling us to simply switch it all off, and not discussing more sophisticated approaches. Can we at least get a response here? |
A breaking change to the upload-artifact GitHub Action has broken uploading coverage files (not only for us, see actions/upload-artifact#614) and has not been reverted. This change will fix that by enabling hidden files only for those uploads. Signed-off-by: Keith Battocchi <[email protected]>
A breaking change to the upload-artifact GitHub Action has broken uploading coverage files (not only for us, see actions/upload-artifact#614) and has not been reverted. This change will fix that by enabling hidden files only for those uploads. Signed-off-by: Keith Battocchi <[email protected]>
upload-artifact tries to protect me by refusing to upload hidden files, even if I explicitly request those files with my `path` setting. Issue here: actions/upload-artifact#614 I have to enable hidden file uploads to get it to work with 4.4.
upload-artifact tries to protect me by refusing to upload hidden files, even if I explicitly request those files with my `path` setting. Issue here: actions/upload-artifact#614 I have to enable hidden file uploads to get it to work with 4.4. https://htmlpreview.github.io/?https://github.com/nedbat/coverage-reports/blob/main/reports/20241102_ea2263f669/htmlcov/index.html ea2263f669: master
Just had a deployment fail on me silently, because not all necessary files were uploaded for the application to run. Not a cool move guys, to just change the default behaviour in such a drastic way |
What happened?
Many people were surprised by the change that hidden files are no longer uploaded unless
hidden-files: true
is set. Even explicitly named files are not uploaded. This is confusing, and encourages people to turn off the safety feature completely.If I name a hidden file, it should be uploaded regardless of the setting.
To make an analogy:
ls
ignores hidden files.ls -a
shows them all.ls .gitignore
shows me the hidden .gitignore file even without the -a flag.Previous comments:
What did you expect to happen?
Explicitly named hidden files should be uploaded.
How can we reproduce it?
Many examples are in the other issues.
Anything else we need to know?
No response
What version of the action are you using?
v4.4.0
What are your runner environments?
linux, window, macos
Are you on GitHub Enterprise Server? If so, what version?
No response
The text was updated successfully, but these errors were encountered: