ultralytics 8.3.43 PyPI publishing security fix (#18052)

Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
Signed-off-by: UltralyticsAssistant <web@ultralytics.com>
Co-authored-by: UltralyticsAssistant <web@ultralytics.com>
Glenn Jocher 2024-12-05 20:47:01 +01:00 committed by GitHub
parent bb7c7ae811
commit 68c63a7e56
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 16 additions and 23 deletions


@ -30,6 +30,8 @@ jobs:
Docs: Docs:
if: github.repository == 'ultralytics/ultralytics' if: github.repository == 'ultralytics/ultralytics'
runs-on: ubuntu-latest runs-on: ubuntu-latest
env:
GITHUB_REF: ${{ github.head_ref || github.ref }}
steps: steps:
- name: Git config - name: Git config
run: | run: |
@ -40,7 +42,7 @@ jobs:
with: with:
repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
token: ${{ secrets._GITHUB_TOKEN || secrets.GITHUB_TOKEN }} token: ${{ secrets._GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
ref: ${{ github.head_ref || github.ref }} ref: ${{ env.GITHUB_REF }}
fetch-depth: 0 fetch-depth: 0
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
@ -56,7 +58,7 @@ jobs:
continue-on-error: true continue-on-error: true
run: | run: |
python docs/build_reference.py python docs/build_reference.py
git pull origin ${{ github.head_ref || github.ref }} git pull origin "$GITHUB_REF"
git add . git add .
git reset HEAD -- .github/workflows/ # workflow changes are not permitted with default token git reset HEAD -- .github/workflows/ # workflow changes are not permitted with default token
if ! git diff --staged --quiet; then if ! git diff --staged --quiet; then
@ -75,7 +77,7 @@ jobs:
continue-on-error: true continue-on-error: true
if: always() if: always()
run: | run: |
git pull origin ${{ github.head_ref || github.ref }} git pull origin "$GITHUB_REF"
git add --update # only add updated files git add --update # only add updated files
git reset HEAD -- .github/workflows/ # workflow changes are not permitted with default token git reset HEAD -- .github/workflows/ # workflow changes are not permitted with default token
if ! git diff --staged --quiet; then if ! git diff --staged --quiet; then
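Review bot: The new job-level `GITHUB_REF: ${{ github.head_ref || github.ref }}` shadows a runner-provided default variable of the same name, which on pull_request events holds `refs/pull/N/merge`; GitHub's variables documentation warns that default `GITHUB_*`/`RUNNER_*` variables are not meant to be overridden, so if the override is ignored the `git pull origin "$GITHUB_REF"` lines and `ref: ${{ env.GITHUB_REF }}` would resolve to a different ref than the PR head branch — verify this on a fork PR, or use an unreserved name such as `BRANCH_REF` in all four places. Moving the branch name out of the inline `${{ }}` expression into an environment variable is the right mitigation here, since `github.head_ref` is chosen by the PR author and was previously expanded directly into the shell script. Quoting `"$GITHUB_REF"` keeps it a single argument, so the remaining exposure is limited to what `git pull` accepts as a refspec.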


@ -35,11 +35,9 @@ jobs:
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:
python-version: "3.x" python-version: "3.x"
cache: "pip" - uses: astral-sh/setup-uv@v4
- name: Install dependencies - name: Install dependencies
run: | run: uv pip install --system ultralytics-actions build twine toml
python -m pip install --upgrade pip wheel
pip install ultralytics-actions build twine toml
- name: Check PyPI version - name: Check PyPI version
shell: python shell: python
run: | run: |
@ -60,11 +58,13 @@ jobs:
if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True' if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True'
uses: pypa/gh-action-pypi-publish@release/v1 uses: pypa/gh-action-pypi-publish@release/v1
- name: Publish new tag - name: Publish new tag
continue-on-error: true
if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True' if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True'
run: | run: |
git tag -a "${{ steps.check_pypi.outputs.current_tag }}" -m "$(git log -1 --pretty=%B)" # i.e. "v0.1.2 commit message" git tag -a "${{ steps.check_pypi.outputs.current_tag }}" -m "$(git log -1 --pretty=%B)" # i.e. "v0.1.2 commit message"
git push origin "${{ steps.check_pypi.outputs.current_tag }}" git push origin "${{ steps.check_pypi.outputs.current_tag }}"
- name: Publish new release - name: Publish new release
continue-on-error: true
if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True' if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True'
env: env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
@ -75,22 +75,13 @@ jobs:
shell: bash shell: bash
- name: Extract PR Details - name: Extract PR Details
env: env:
GH_TOKEN: ${{ secrets._GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
# Check if the event is a pull request or pull_request_target PR_JSON=$(gh pr list --search "${GITHUB_SHA}" --state merged --json number,title --jq '.[0]')
if [ "${{ github.event_name }}" = "pull_request" ] || [ "${{ github.event_name }}" = "pull_request_target" ]; then PR_NUMBER=$(echo "${PR_JSON}" | jq -r '.number')
PR_NUMBER=${{ github.event.pull_request.number }} PR_TITLE=$(echo "${PR_JSON}" | jq -r '.title')
PR_TITLE=$(gh pr view $PR_NUMBER --json title --jq '.title') echo "PR_NUMBER=${PR_NUMBER}" >> "${GITHUB_ENV}"
else echo "PR_TITLE=${PR_TITLE}" >> "${GITHUB_ENV}"
# Use gh to find the PR associated with the commit
COMMIT_SHA=${{ github.event.after }}
PR_JSON=$(gh pr list --search "${COMMIT_SHA}" --state merged --json number,title --jq '.[0]')
PR_NUMBER=$(echo $PR_JSON | jq -r '.number')
PR_TITLE=$(echo $PR_JSON | jq -r '.title')
fi
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
echo "PR_TITLE=$PR_TITLE" >> $GITHUB_ENV
- name: Notify on Slack (Success) - name: Notify on Slack (Success)
if: success() && github.event_name == 'push' && steps.check_pypi.outputs.increment == 'True' if: success() && github.event_name == 'push' && steps.check_pypi.outputs.increment == 'True'
uses: slackapi/slack-github-action@v2.0.0 uses: slackapi/slack-github-action@v2.0.0
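Review bot: The install step `run: uv pip install --system ultralytics-actions build twine toml` pulls unpinned latest versions into the same job that later publishes to PyPI via `pypa/gh-action-pypi-publish@release/v1`, so a malicious or broken release of any of those packages would run with publish-capable credentials; pin exact versions (ideally hash-checked from a lock file) and pin `astral-sh/setup-uv@v4` and the publish action to commit SHAs rather than mutable tags. Separately, `echo "PR_TITLE=${PR_TITLE}" >> "${GITHUB_ENV}"` writes PR-author-controlled text with the single-line form; should a title ever contain a newline, it could define additional environment variables for later steps, so prefer the delimiter form, e.g. `delim="PR_TITLE_$RANDOM"` followed by `printf 'PR_TITLE<<%s\n%s\n%s\n' "$delim" "$PR_TITLE" "$delim" >> "$GITHUB_ENV"`. Where `PR_TITLE` is consumed lies outside this section; if it is interpolated into a `run:` script as `${{ env.PR_TITLE }}` the same injection concern this commit fixes in docs.yml applies there. Switching `GH_TOKEN` to `secrets.GITHUB_TOKEN` is a welcome reduction in privilege for a read-only `gh pr list`.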


@ -1,6 +1,6 @@
# Ultralytics YOLO 🚀, AGPL-3.0 license # Ultralytics YOLO 🚀, AGPL-3.0 license
__version__ = "8.3.42" __version__ = "8.3.43"
import os import os