New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xz, gh: deny network access #169720
xz, gh: deny network access #169720
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @alebcay!
Would be nice to see a usage of when this also e.g. only denies some methods.
1d1b2f9
to
cfb0e34
Compare
I'd suggest blocking cURL from network in the build step and not in the others |
It was merged so rerunning CI now. |
I guess the stable tap_syntax is cancelling the normal one |
Indeed, looks like test-bot is using latest brew tag (not latest master) so this CI will not pass until the aforementioned PR lands in a tag. |
I think that label only applies to OS testing, we need the stable syntax check to be |
Should be able to have it just not kill the main tap syntax job without a fail fast in the matrix or similar. |
Since I don't see any reason to ever kill the main syntax job because of the stable one, I ignored this and made a fix with my comment: #169867 |
cfb0e34
to
0b6d454
Compare
0b6d454
to
80f8ef0
Compare
N.B.: resources used by the |
80f8ef0
to
c0bca91
Compare
Looks good, let's try this out!
I think there's probably a DSL addition required to indicate a test-only resource and |
HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>
, where<formula>
is the name of the formula you're submitting?brew test <formula>
, where<formula>
is the name of the formula you're submitting?brew audit --strict <formula>
(after doingHOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>
)? If this is a new formula, does it passbrew audit --new <formula>
?Expected to fail without Homebrew/brew#17081.