This commit expands filepathDescendsFrom(string, string) to handle edge cases such as mixing absolute and relative paths or artifact name edge cases.
Additionally, tests for filepathDescendsFrom() and downloadrun() have been expanded to verify additional use cases.
This incorporates the work done by @williammartin to improve reasoning about `gh run download` behavior through testing while verifying a simpler solution to checking if a path is contained within a directory.
This builds off suggestion to reuse logic used already within `gh run download` for detecting path traversals.
This largely works but runs into an issue where detection logic doesn't handle non-separated traversal.
This commit expands the `Step` structure used with GitHub Actions workflow runs to include fields indicating when steps start and complete.
This information is already provided by the GitHub API, so this only involves expanding the structure, fields exported, and the associated tests.
In the future, I could see `gh` including the duration calculation which is used when viewing workflow or workflow run.
This commit addresses the documentation issue.
The discussion at #7018 has confirmed that it is undocumented that
the current behavior of `gh run download` with `-n` and no `run-id`
downloads the latest artifact.
Although the behavior has not been created intentionally, it is the one
that should be documented and the future releases should warn before
a breaking change.
Found with
rg '(^ | \t|\t )' -g '*.go' -g '!*_test.go'
Mixed indent exceptions:
- wrapped long list items with extra 2-space indent
- code snippets using space indent
- commented code lines having "\t*// \t+" prefix
This commit expands on @nobe4 initial work by bringing the owner and repository name to the most obvious issue and PR number output use cases before making a second pass for any edge cases.
