mirror of
https://github.com/kuhyx/testsAndMisc.git
synced 2026-07-04 15:43:06 +02:00
* Initial plan * fix: format shell scripts with shfmt (convert tabs to 2 spaces) Co-authored-by: kuhyx <147418882+kuhyx@users.noreply.github.com> * feat: enhance shell-check workflow for PR pre-merge validation - Add pull_request_target trigger to check PRs from forks - Add explicit failure message with instructions - Create BRANCH_PROTECTION.md with setup guide - Ensure workflow runs on all PRs targeting main/master Co-authored-by: kuhyx <147418882+kuhyx@users.noreply.github.com> * refactor: improve workflow security and remove redundant exit code - Remove pull_request_target to avoid executing untrusted fork code - Remove redundant exit 1 from failure step - Update documentation to reflect changes - Standard pull_request trigger handles forks securely Co-authored-by: kuhyx <147418882+kuhyx@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: kuhyx <147418882+kuhyx@users.noreply.github.com>
32 lines
670 B
Bash
32 lines
670 B
Bash
#!/usr/bin/env bash
|
|
# pacman-post-relock-hosts.sh - Re-apply hosts guard protections after pacman
|
|
set -euo pipefail
|
|
|
|
# Source shared functions
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
# shellcheck source=hosts-guard-common.sh
|
|
source "$SCRIPT_DIR/hosts-guard-common.sh"
|
|
|
|
ENFORCE=/usr/local/sbin/enforce-hosts.sh
|
|
|
|
log_hook "post" "relocking(start)"
|
|
|
|
# Collapse any stacked mounts first
|
|
collapse_mounts
|
|
|
|
# Run enforcement script if available
|
|
if [[ -x $ENFORCE ]]; then
|
|
"$ENFORCE" > /dev/null 2>&1 || true
|
|
fi
|
|
|
|
# Apply protections
|
|
apply_immutable
|
|
apply_ro_bind_mount
|
|
|
|
# Start the path watcher
|
|
start_path_watcher
|
|
|
|
log_hook "post" "relocking(done)"
|
|
|
|
exit 0
|