From c1c6f21ad2ccf8f2e8536e68f1828fda092cd343 Mon Sep 17 00:00:00 2001 From: kolaente Date: Sun, 14 Nov 2021 16:50:07 +0100 Subject: [PATCH] chore(ci): make sure you cannot tamper the deploy script in a PR --- .drone.yml | 3 ++- scripts/deploy-preview-netlify.js.sha384 | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 scripts/deploy-preview-netlify.js.sha384 diff --git a/.drone.yml b/.drone.yml index 0553195b..4d23f959 100644 --- a/.drone.yml +++ b/.drone.yml @@ -148,6 +148,7 @@ steps: GITEA_TOKEN: from_secret: gitea_token commands: + - shasum -a 384 -c ./scripts/deploy-preview-netlify.js.sha384 - node ./scripts/deploy-preview-netlify.js depends_on: - build-prod @@ -655,6 +656,6 @@ steps: from_secret: crowdin_key --- kind: signature -hmac: 15df446c7e93a881249d46273485183386157229ee6a37b1ed0fcb2a0b32bbe2 +hmac: 188ee90100c5fc5922a445e531e7a47453121edddb2a64a182eb23ed2bf602de ... diff --git a/scripts/deploy-preview-netlify.js.sha384 b/scripts/deploy-preview-netlify.js.sha384 new file mode 100644 index 00000000..fe5f72f1 --- /dev/null +++ b/scripts/deploy-preview-netlify.js.sha384 @@ -0,0 +1 @@ +55ce0faaa2c1919341617ccfaeccbb6029ac12107964ff488985cff13dd952f1a991df3ab0d4b0705deb761e508e6434 ./scripts/deploy-preview-netlify.js