Skip to content

fix(upload-rpm): require OS version arg and improve token check #35991

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
esolitos wants to merge 1 commit into
base: master
Choose a base branch
from
+6 −10
Open

fix(upload-rpm): require OS version arg and improve token check #35991

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 6 additions & 10 deletions .github/scripts/upload-rpm-to-cloudsmith.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,21 +11,17 @@ if [[ -n "${RUNNER_DEBUG:-}" ]]; then
set -o xtrace
fi

if (( $# < 1 )); then
echo "Usage: $0 <RPM file>"
if (( $# < 2 )); then
echo "Usage: $0 <RPM file> <OS version>"
exit 1
fi

if [ "${CLOUDSMITH_API_TOKEN}" = "" ]; then
echo "Environment CLOUDSMITH_API_TOKEN not set. Exiting."
exit 1
fi

RPM=$1
OS_DISTRO=el
OS_VERSION=$2
: "${CLOUDSMITH_API_TOKEN:?Environment variable CLOUDSMITH_API_TOKEN must be set.}"

main() {
local RPM=$1 ; shift
local OS_VERSION=$2 ; shift
Comment on lines +22 to +23
Copy link

Copilot AI Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The shift operations cause OS_VERSION to be assigned incorrectly. After 'local RPM=$1 ; shift', the positional parameters shift left, so $2 becomes empty. The assignment 'local OS_VERSION=$2' will then assign an empty or unset value. Either remove the shift operations and use '$1' and '$2' directly, or fix the order: 'shift' should come before assignment, and the second line should use '$1' instead of '$2' after shifting. The recommended fix is to remove the shift operations entirely: 'local RPM=$1' and 'local OS_VERSION=$2' without any shifts.

Suggested change
local RPM=$1 ; shift
local OS_VERSION=$2 ; shift
local RPM=$1
local OS_VERSION=$2

Copilot uses AI. Check for mistakes.
local OS_DISTRO=el # Assuming RHEL/CentOS/Alma/Rocky.

Copy link

Copilot AI Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The OS_VERSION parameter lacks validation. The related script publish-unpublished-rpms-to-archive.sh validates OS version against ALLOWED_VERSIONS array (lines 30-34). Consider adding similar validation here to ensure only valid OS versions like "8" or "9" are accepted, preventing errors from invalid distribution values being passed to the Cloudsmith API.

Suggested change
# Validate OS version to avoid passing invalid distributions to Cloudsmith.
local -r ALLOWED_VERSIONS=("8" "9")
local os_version_valid=false
for v in "${ALLOWED_VERSIONS[@]}"; do
if [[ "$OS_VERSION" == "$v" ]]; then
os_version_valid=true
break
fi
done
if [[ "$os_version_valid" != true ]]; then
echo "Invalid OS version '$OS_VERSION'. Allowed versions: ${ALLOWED_VERSIONS[*]}" >&2
exit 1
fi

Copilot uses AI. Check for mistakes.
FID=$(curl -sSLf \
--upload-file "$RPM" \
Expand Down
Loading