This repository has been archived by the owner on Jan 10, 2023. It is now read-only.

Support non-git/hg root dirs (#75)
- Emulate git/hg ignore behavior in non-git/hg dirs
    - Supports certain CI systems, e.g., Heroku CI
SpainTrain authored and eddiemoore committed Jul 6, 2018
1 parent a19efbe commit 39dc2d8
Showing 2 changed files with 11 additions and 5 deletions.
9 changes: 7 additions & 2 deletions lib/codecov.js
Expand Up @@ -2,6 +2,7 @@ var fs = require('fs');
var path = require('path');
var request = require('request');
var urlgrey = require('urlgrey');
var walk = require('ignore-walk');
var execSync = require('child_process').execSync;

var detectProvider = require('./detect');
Expand Down Expand Up @@ -288,8 +289,12 @@ var upload = function(args, on_success, on_failure){
// List git files
var root = path.resolve(args.options.root || query.root || '.');
console.log('==> Building file structure');
upload += execSync('git ls-files || hg locate', { cwd: root }).toString().trim() + '\n<<<<<< network\n';

try {
upload += execSync('git ls-files || hg locate', { cwd: root }).toString().trim() + '\n<<<<<< network\n';
} catch (err) {
// not a git/hg dir, emulating git/hg ignore behavior
upload += walk.sync({path: root, ignoreFiles: ['.gitignore', '.hgignore']}).join('\n').trim() + '\n<<<<<< network\n';
}
// Make gcov reports
if ((args.options.disable || '').split(',').indexOf('gcov') === -1) {
try {
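Review bot: The `catch (err)` around `execSync('git ls-files || hg locate', …)` takes the fallback on any failure, not only on "not a git/hg dir": a missing `git`/`hg` binary or a permissions error inside a real checkout lands there too, and nothing is logged. The fallback then appends every path under `root` that `.gitignore`/`.hgignore` do not exclude to `upload`, which presumably leaves the machine with the report, so in a tree without ignore files the names of untracked files (dependency directories, VCS metadata, local env or key files) would be included. I would log the fallback as the first line of the catch, `console.log('==> git/hg listing failed, walking ' + root + ' instead');`, and drop VCS and dependency directories from the walk result with `.filter(function(f){ return !/^(\.git|\.hg|node_modules)\//.test(f); })` before the `.join('\n')`, assuming `walk.sync` returns paths relative to `root`. The `upload` function starts and ends outside this hunk, so how the list is used afterwards is not visible here.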
7 changes: 4 additions & 3 deletions package.json
Expand Up @@ -25,9 +25,10 @@
},
"homepage": "https://github.com/codecov/codecov-node",
"dependencies": {
"request": "^2.81.0",
"urlgrey": "0.4.4",
"argv": "0.0.2"
"argv": "0.0.2",
"ignore-walk": "3.0.0",
"request": "2.81.0",


polytypic Jul 7, 2018

This change makes it so that codecov now depends on a vulnerable version of hoek. Here is what npm audit reports:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ codecov [dev]                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ codecov > request > hawk > cryptiles > boom > hoek           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


eddiemoore Jul 9, 2018

Collaborator

Fixed in v3.0.4

"urlgrey": "0.4.4"
},
"devDependencies": {
"expect.js": "^0.3.1",
