githubocto / flat
The GitHub Action which powers Flat
Home Page: https://next.github.com/projects/flat-data/
License: MIT License
👋
Hi guys, thanks for a cool project!
I'm using it to sync down some data from a private URL I would like to keep private, so I have configured the URL from a secret like so:
http_url: ${{ secrets.MY_SECRET_URL }}
But the source comes out in plain text in the commit message:
{
  "date": "2021-05-31T14:01:16.071Z",
  "files": [
    {
      "name": "myfile.json",
      "deltaBytes": 167,
      "source": "https://my_private_server.com"
    }
  ]
}
It would be nice to have the repo open, but able to hide the datasource.
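One way to keep a secret data source out of the commit body shown in the issue above, as an added example that is not part of the original post or of Flat's code. The function names `redactSource` and `buildCommitBody` are hypothetical and the sample values are constructed; the JSON shape (`date`, `files`, `name`, `deltaBytes`, `source`) is the one quoted in the issue.

```javascript
// Added example; redactSource and buildCommitBody are hypothetical names,
// not functions from the Flat action.
const MASK = '***';

// Return a version of `source` that is safe to write into a public commit.
function redactSource(source, secretValues = []) {
  let out = String(source);
  let masked = false;
  // Mask configured secret values verbatim, longest first, so a secret that
  // contains another secret is replaced as a whole.
  const secrets = secretValues
    .filter((s) => typeof s === 'string' && s.length > 0)
    .sort((a, b) => b.length - a.length);
  for (const secret of secrets) {
    if (out.includes(secret)) {
      out = out.split(secret).join(MASK);
      masked = true;
    }
  }
  if (masked) return out;

  // No known secret matched: still drop the URL parts that commonly carry
  // credentials (userinfo, query string, fragment).
  let url;
  try {
    url = new URL(out);
  } catch {
    return out; // not an absolute URL (for example a file name); keep as is
  }
  url.username = '';
  url.password = '';
  url.search = '';
  url.hash = '';
  return url.href;
}

// Build the commit body in the shape quoted in the issue, with every
// `source` passed through redactSource first.
function buildCommitBody(files, secretValues = [], date = new Date()) {
  const body = {
    date: date.toISOString(),
    files: files.map((f) => ({
      name: f.name,
      deltaBytes: f.deltaBytes,
      source: redactSource(f.source, secretValues),
    })),
  };
  return JSON.stringify(body, null, 2);
}

// Constructed sample: the secret URL from the issue plus a URL that embeds
// credentials without being registered as a secret.
const sampleBody = buildCommitBody(
  [
    { name: 'myfile.json', deltaBytes: 167, source: 'https://my_private_server.com' },
    { name: 'other.json', deltaBytes: 12, source: 'https://user:tok@api.example.test/data.json?api_key=abc123' },
  ],
  ['https://my_private_server.com'],
  new Date('2021-05-31T14:01:16.071Z'),
);
console.log(sampleBody);
```
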
I'd like to be able to set a user-agent (curl -A "MyApp" ...) when downloading files via this action. Could you support curl as well?
I want to use Flat data to track my internet connection speed at home. I can't do that from inside a GitHub Action. I could expose the data via HTTP, but that would require exposing a computer on my network to the internet. I want to run flat on a cron on a computer and push the data to a GitHub repository.
Unfortunately, flat doesn't seem to be particularly easy to consume because it's an unpublished Node.js package.
Have you considered making the source of flat GitHub Action available as a Deno package? Deno can even build a binary that would make using flat very easy locally.
Getting an error on my action here: https://github.com/dalanmiller/baby-swim-flat/runs/3052840184?check_suite_focus=true
Looks like the @octokit/request import within mod.ts is causing issues with an uncaught error
Error: Command failed: NO_COLOR=true deno run -q --allow-read --allow-write --allow-run --allow-net --allow-env --unstable postprocess.ts classes.json
Warning Implicitly using latest version (1.0.0) for https://deno.land/x/url_join/mod.ts
error: Uncaught (in promise) HttpError: Not Found
const error = new RequestError(toErrorMessage(data), status, {
^
at https://cdn.skypack.dev/-/@octokit/[email protected]/dist=es2020,mode=imports/optimized/@octokit/request.js:81:21
at async file:///home/runner/work/baby-swim-flat/baby-swim-flat/postprocess.ts:348:13
For the past three days, a step in the GitHub Action for githubocto/flat@v2 has been failing with
Relative import path "ssf" not prefixed with / or ./ or ../ from "https://cdn.deno.land/sheetjs/versions/v0.16.8/raw/types/index.d.ts"
The log is here
Any hints for how to resolve this issue?
I'm trying to use the SQL connection with a Heroku database. Heroku requires SSL for postgres connections but provides a self-signed cert.
With a connection string of the form: postgres://user:password@host:port/database
Fetching: SQL
Error: Unable to connect to database: no pg_hba.conf entry for host "xx.xxx.xx.xxx", user "Read-only", database "xxxxxxxxxxx", SSL off
Error: Workflow failed! no pg_hba.conf entry for host "xx.xxx.xx.xxx", user "Read-only", database "xxxxxxxxxx", SSL off
With a connection string of the form postgres://user:password@host:port/database?sslmode=require
Fetching: SQL
Error: Unable to connect to database: self signed certificate
Error: Workflow failed! self signed certificate
I think the solution is to add an option to ignore invalid certificates. Here
Lines 68 to 71 in e83e6ea
I think this needs to pass an ssl object like…
connection = await createConnection({
  type: protocol,
  url: config.sql_connstring,
  ssl: {
    rejectUnauthorized: config.require_valid_cert
  }
})
Something like that. I'm not a typescript developer but I hope that helps
I'm using this action to pull in data from our content repos and commit into the main repo for building. Seems like a great little action for this.
I have a small issue when using matrix strategy with this action. Essentially the problem is that depending on the order of the execution and timing of the execution of the matrix jobs some will fail with a git fast-forward error. One of the other jobs has pushed to the repo in between. This isn't directly related to matrix strategy and any clashing workflows that perform commits to their repos will be affected here.
There are a few possible fixes, none of which are perfect, so I'm not sure this is necessarily a solvable problem:
- git pull before git push (this will reduce the chance of this error occurring but not solve it)
- git push fast-forward error and repeat operation up to say 5 times (e.g. pull then push, pull then push, ...)
I'm more than happy to raise a PR to sort this but just wanted to see which one was preferable from the maintainers!
Hi! Thanks for the awesome functionality provided by Flat Data!
I have come across the need to make a GraphQL query with Flat Data. Specifically, to gather a set of sponsors for a given GitHub organization. I want to then be able to fetch that data in a static website to show a dynamic list of sponsors. I also believe that there could be many other uses for GraphQL queries that are a natural fit for Flat Data.
I am willing to implement a Pull Request to address this functionality. Before I started implementing this change and level of effort I wanted to ensure the maintainers are open to incorporating the feature.
Any feedback is greatly appreciated! Thanks!
I'm trying out using flat to fetch a json file. This json file changes very infrequently so when testing the file is exactly the same. When I try to run the action the commit command gives an error.
This is my repo where I'm testing things out. If anyone has any pointers that'll be great
The v3 ref is pointing to v3.3.1 rather than the latest v3.4.0 release, so running this workflow against the v3 ref still yields the node12 deprecation warning:
Could someone update the v3 branch to include @mattrothenberg's changes in #86?
I should note that the example in the docs uses v3: https://github.com/githubocto/flat#option-2-manually-create-a-github-actions-workflow-yml-file
Thanks in advance! Big fan of this tool 🙂
This action now receives the following warning:
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: githubocto/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
(As per issue #76)
Hi
Thanks for developing flat action.
Yesterday my action started failing with an error:
Warning Implicitly using latest version (1.0.0) for deno.land/x/url_join/mod.ts
Error: Error: Command failed: deno run -q --allow-read --allow-write --allow-run --allow-net --allow-env --unstable postprocess.js data-raw.json
Warning Implicitly using latest version (1.0.0) for deno.land/x/url_join/mod.ts
error: Relative import path "ssf" not prefixed with / or ./ or ../ from "cdn.deno.land/sheetjs/versions/v0.16.8/raw/types/index.d.ts"
error: Relative import path "ssf" not prefixed with / or ./ or ../ from "cdn.deno.land/sheetjs/versions/v0.16.8/raw/types/index.d.ts"
What can I do?
There is an authorization config option which enables the user to specify the Authorization HTTP header value.
However I am wanting to fetch data from an API that uses a different header name for authorization. It would be great if we could configure an alternative header name to use for authorization where I could put my secret - ${{secrets.NAME_OF_THE_CREATED_SECRET}}.
I am aware of axios_config but I don't believe I can reference secrets in there. Thanks!
I set up a repo to collect holdings of ARK funds using flat. The repo is up and running.
However, the holding csv downloaded from https://ark-funds.com contains a line of disclosure at the end of the files. I would like to remove the line by applying a postprocessing script to the raw file.
I tried to save the files downloaded from https://ark-funds.com to raw/ARK_INNOVATION_ETF_{fund}_HOLDINGS.csv, and then use the script to remove the disclosure from the raw file, and save the cleared file in ARK_INNOVATION_ETF_{fund}_HOLDINGS.csv.
Here is the GitHub Action config I used:
- name: Fetch data
  uses: githubocto/flat@v3
  with:
    http_url: https://ark-funds.com/wp-content/uploads/funds-etf-csv/ARK_INNOVATION_ETF_ARKK_HOLDINGS.csv
    downloaded_filename: raw/ARK_INNOVATION_ETF_ARKK_HOLDINGS.csv
    axios_config: query.json
    postprocess: ./postprocess.js
GitHub Action execution failed because of Error: ENOENT: no such file or directory, open 'raw/ARK_INNOVATION_ETF_ARKK_HOLDINGS.csv'
The file can be created successfully. The action should help me to create the raw directory if it does not exist.
Hi
Flat action started to fail 2 days in a row. The error happens during push
! [rejected] master -> master (fetch first)
error: failed to push some refs to '<repo>/flat'
hint: Updates were rejected because the remote contains work that you do
hint: not have locally. This is usually caused by another repository pushing
hint: to the same ref. You may want to first integrate the remote changes
hint: (e.g., 'git pull ...') before pushing again.
hint: See the 'Note about fast-forwards' in 'git push --help' for details.
I checked and I don't have outdated flat action if it was a known issue.
Error: Command failed: NO_COLOR=true deno run -q --allow-read --allow-write --allow-run --allow-net --allow-env --unstable post-process.js data.json
Warning Implicitly using latest version (1.0.0) for https://deno.land/x/url_join/mod.ts
error: Expected a JavaScript or TypeScript module, but identified a Unknown module. Importing these types of modules is currently not supported.
Specifier: https://jspm.dev/npm:[email protected]!cjs
at https://jspm.dev/xlsx:5:25
I’m running a GitHub action to download images from an api every hour, I used the nasa image example as the template. However sometimes the run fails with this error, what could be the issue?
here’s the failed run:
https://github.com/weirdyang/causeway-image/actions/runs/1737018565
Here’s my post process script
https://github.com/weirdyang/causeway-image/blob/main/post-process.js
I'm looking for an option to use an HTTPS URL with a self-signed certificate.
The solution could either ignore SSL warnings altogether, or an option to provide a CA bundle to trust.
I was unable to figure out a way to do this with axios_config.
The URL I'm attempting to use is at https://gdmf.apple.com/v2/pmv.
Hi
Thanks for working on flat. Recently my pipeline started failing with the following error:
Warning Implicitly using latest version (1.0.0) for [deno.land/x/url_join/mod.ts](https://deno.land/x/url_join/mod.ts)
Error: Error: Command failed: NO_COLOR=true deno run -q --allow-read --allow-write --allow-run --allow-net --allow-env --unstable postprocess.js data-raw.json
Warning Implicitly using latest version (1.0.0) for [deno.land/x/url_join/mod.ts](https://deno.land/x/url_join/mod.ts)
Error: TS1192 [ERROR]: Module '"[jspm.dev/xlsx](https://jspm.dev/xlsx)"' has no default export.
import xlsxlib from '[jspm.dev/xlsx](https://jspm.dev/xlsx)'
~~~~~~~
at [deno.land/x/[email protected]/src/xlsx.ts:1:8](https://deno.land/x/[email protected]/src/xlsx.ts:1:8)
Error: TS1192 [ERROR]: Module '"[jspm.dev/xlsx](https://jspm.dev/xlsx)"' has no default export.
import xlsxlib from '[jspm.dev/xlsx](https://jspm.dev/xlsx)'
~~~~~~~
at [deno.land/x/[email protected]/src/xlsx.ts:1:8](https://deno.land/x/[email protected]/src/xlsx.ts:1:8)
Please advise how to fix.
Logging of Deno errors on the GitHub Actions tab currently logs Deno output with messy colored terminal output that can't be rendered in the GitHub log tailing UI.
https://share.getcloudapp.com/GGuWQrnk
The deno command should be run with color disabled as described in the docs here:
https://deno.land/manual/getting_started/setup_your_environment#environmental-variables
Would it be possible to render GeoJSON or geographic coordinate data as a map (e.g. Leaflet)?
In addition to #91 flat dependencies are growing long in the tooth.
As of 2024-02-17, there are 32 vulnerabilities (15 moderate, 12 high, 5 critical).
Package Current Wanted Latest Location Depended by
@actions/core 1.2.6 1.10.1 1.10.1 node_modules/@actions/core flat
@actions/exec 1.0.4 1.1.1 1.1.1 node_modules/@actions/exec flat
@actions/github 4.0.0 4.0.0 6.0.0 node_modules/@actions/github flat
@tinyhttp/content-disposition 1.2.0 1.3.0 2.2.0 node_modules/@tinyhttp/content-disposition flat
@types/jest 26.0.20 26.0.24 29.5.12 node_modules/@types/jest flat
@types/node 14.14.37 14.18.63 20.11.19 node_modules/@types/node flat
@vercel/ncc 0.27.0 0.27.0 0.38.1 node_modules/@vercel/ncc flat
axios 0.21.1 0.21.4 1.6.7 node_modules/axios flat
connection-string 4.3.2 4.4.0 4.4.0 node_modules/connection-string flat
csv-stringify 5.6.2 5.6.5 6.4.5 node_modules/csv-stringify flat
es-mime-types 0.0.16 0.0.16 0.1.4 node_modules/es-mime-types flat
husky 6.0.0 6.0.0 9.0.11 node_modules/husky flat
jest 26.6.3 26.6.3 29.7.0 node_modules/jest flat
jest-circus 26.6.3 26.6.3 29.7.0 node_modules/jest-circus flat
mssql 6.3.1 6.4.1 10.0.2 node_modules/mssql flat
pg 8.5.1 8.11.3 8.11.3 node_modules/pg flat
prettier 2.2.1 2.8.8 3.2.5 node_modules/prettier flat
reflect-metadata 0.1.13 0.1.14 0.2.1 node_modules/reflect-metadata flat
sqlite3 5.1.6 5.1.7 5.1.7 node_modules/sqlite3 flat
ts-jest 26.5.3 26.5.6 29.1.2 node_modules/ts-jest flat
typeorm 0.2.31 0.2.45 0.3.20 node_modules/typeorm flat
typescript 4.2.3 4.9.5 5.3.3 node_modules/typescript flat
zod 3.0.0-alpha.4 3.22.4 3.22.4 node_modules/zod flat
@actions/core <=1.9.0
Severity: moderate
@actions/core has Delimiter Injection Vulnerability in exportVariable - https://github.com/advisories/GHSA-7r3h-m5j6-3q42
fix available via `npm audit fix`
node_modules/@actions/core
@azure/ms-rest-nodeauth <=3.0.9
Severity: high
Depends on vulnerable versions of @azure/ms-rest-js
Improper Privilege Management in Azure ms-rest-nodeauth - https://github.com/advisories/GHSA-qpfw-4m9x-rxx8
Depends on vulnerable versions of adal-node
fix available via `npm audit fix`
node_modules/@azure/ms-rest-nodeauth
tedious 6.3.0 - 6.7.0 || 7.0.0 - 9.2.1
Depends on vulnerable versions of @azure/ms-rest-nodeauth
node_modules/tedious
@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse
async 3.0.0 - 3.2.1
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
axios <=1.5.1
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
fix available via `npm audit fix`
node_modules/axios
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/decode-uri-component
follow-redirects <=1.15.3
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
fix available via `npm audit fix`
node_modules/follow-redirects
ip *
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/ip
socks 1.0.0 - 2.7.1
Depends on vulnerable versions of ip
node_modules/socks
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
json5 2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse
qs 6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/qs
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
adal-node <=0.2.2 || >=2.0.0-pre
Depends on vulnerable versions of request
Depends on vulnerable versions of xmldom
node_modules/adal-node
jsdom 0.1.20 || 0.2.0 - 16.5.3
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
node_modules/jsdom
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@mapbox/node-pre-gyp/node_modules/semver
node_modules/@npmcli/fs/node_modules/semver
node_modules/jest-snapshot/node_modules/semver
node_modules/node-gyp/node_modules/semver
node_modules/node-notifier/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/sane/node_modules/semver
node_modules/semver
node_modules/ts-jest/node_modules/semver
tmpl <1.0.5
Severity: high
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion - https://github.com/advisories/GHSA-jgrx-mgxx-jf9v
fix available via `npm audit fix`
node_modules/tmpl
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/@azure/ms-rest-js/node_modules/tough-cookie
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie
node_modules/tough-cookie
@azure/ms-rest-js <=2.6.6
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of xml2js
node_modules/@azure/ms-rest-js
word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
ws 7.0.0 - 7.4.5
Severity: moderate
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
fix available via `npm audit fix`
node_modules/ws
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/xml2js
typeorm 0.1.0-alpha.1 - 0.3.14-dev.daf1b47 || >=0.3.21-dev.28a8383
Depends on vulnerable versions of xml2js
node_modules/typeorm
xmldom *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
fix available via `npm audit fix`
node_modules/xmldom
My post-processing script is a fairly intensive process and uses around 20-50 Action minutes per run. It would help me save on compute minutes if Flat first checked to see whether the original data had changed before kicking off the post-processing script.
Looking at the action script I found:
Line 44 in 1c5bd95
Deno is run with the -A flag, which enables all permissions; it's probably not a big deal, but it seems that permissions could be restricted a bit to --allow-read, --allow-write, --allow-net and --allow-env; i.e. disable the ability to load native plugins, HR timing and spawning subprocesses.
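The restriction proposed in the issue above can be taken one step further by scoping each permission to a value, which `deno run` accepts as `--allow-read=<path>`, `--allow-write=<path>`, `--allow-net=<hosts>` and `--allow-env=<names>`. This is an added example, not code from the Flat action; `scopedDenoArgs` and its option names are hypothetical and the sample hosts and paths are constructed.

```javascript
// Added example; scopedDenoArgs is a hypothetical helper, not part of Flat.
// It builds the argument list for `deno run` without -A and without
// --allow-run, scoping every permission it does grant.
const HOST = /^[A-Za-z0-9.-]+(:\d{1,5})?$/;
const ENV_NAME = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Validate each list entry, then join with commas (the separator Deno uses
// inside a permission value). A stray comma or space in an entry would
// silently widen the allow-list, so such entries are rejected.
function joinChecked(items, pattern, what) {
  for (const item of items) {
    if (typeof item !== 'string' || !pattern.test(item)) {
      throw new Error(`invalid ${what}: ${JSON.stringify(item)}`);
    }
  }
  return items.join(',');
}

function scopedDenoArgs({ script, dataFile, workdir, netHosts = [], envVars = [] }) {
  for (const [what, value] of [['script', script], ['dataFile', dataFile], ['workdir', workdir]]) {
    // A value starting with "-" would be parsed by deno as another flag.
    if (typeof value !== 'string' || value === '' || value.startsWith('-')) {
      throw new Error(`invalid ${what}: ${JSON.stringify(value)}`);
    }
  }
  if (workdir.includes(',')) {
    throw new Error('workdir must be a single path');
  }

  const args = ['run', '-q', `--allow-read=${workdir}`, `--allow-write=${workdir}`];
  // An empty list must omit the flag entirely: a bare --allow-net or
  // --allow-env grants access to every host or variable.
  if (netHosts.length > 0) {
    args.push(`--allow-net=${joinChecked(netHosts, HOST, 'host')}`);
  }
  if (envVars.length > 0) {
    args.push(`--allow-env=${joinChecked(envVars, ENV_NAME, 'env var')}`);
  }
  args.push(script, dataFile);
  return args;
}

// Constructed sample values.
const sampleArgs = scopedDenoArgs({
  script: './postprocess.ts',
  dataFile: 'classes.json',
  workdir: '/home/runner/work/repo',
  netHosts: ['api.example.test'],
  envVars: ['GITHUB_TOKEN'],
});
console.log(['deno', ...sampleArgs].join(' '));
```
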
I wanted to create a repo that would use the flat action to store some data from the Twitter API. The problem is the Twitter API requires authorization in order to get any data. With the current version of the flat action (v2.0.2) there's no way to do this.
I created a fork of this repo that can do just that and published it to the marketplace. I wanted to submit a PR but wasn't sure if y'all would actually want to add it the way I did it so I figured I'd share what I did and leave it up to y'all.
Below is an explanation of my solution, and here is a link to my repo where I use the action I created:
What I did to enable authorization was add a field to the action's with field called Authorization. The value of this field is then passed in as an Authorization header.
The following code snippets are the changes I made to the existing code, there's only three files I changed (aside from the README):
const response = await axios.get(config.http_url, {
  method: 'get',
  responseType: 'stream',
  headers: {
    Authorization: config.Authorization,
  },
})

const HTTPConfigSchema = z
  .object({
    http_url: z.string(),
    Authorization: z.string().optional(),
  })
  .merge(CommonConfigSchema)
// ...
const keys = [
  'downloaded_filename',
  'http_url',
  'Authorization',
  'sql_connstring',
  'sql_queryfile',
  'postprocess',
]

Authorization:
  description: 'A string to send as a header for authorizing API requests.'
  required: false
Current Flat Action Release
My Fork
My Published Action
My Example Usage
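The fork above sends a secret as the Authorization header, and an earlier issue on this page asks for a configurable header name for the same secret. The following added example (not the fork's or Flat's code) shows one way to build such a header safely; the option name `auth_header_name`, the reserved-name list and all function names are assumptions, and the sample values are constructed.

```javascript
// Added example; option and function names are hypothetical.
// RFC 9110 "token" characters permitted in a header field name.
const HEADER_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Assumed deny-list: headers this option must never be allowed to set.
const RESERVED = new Set(['host', 'content-length', 'transfer-encoding', 'connection']);

// Turn the secret-bearing inputs into a single request header.
function buildAuthHeaders({ authorization, auth_header_name = 'Authorization' } = {}) {
  if (authorization === undefined || authorization === '') return {};
  if (!HEADER_NAME.test(auth_header_name)) {
    throw new Error('auth_header_name is not a valid header name');
  }
  if (RESERVED.has(auth_header_name.toLowerCase())) {
    throw new Error(`auth_header_name may not be ${auth_header_name}`);
  }
  // CR, LF or NUL in the value would allow extra header lines to be smuggled in.
  if (/[\r\n\0]/.test(authorization)) {
    throw new Error('authorization value contains control characters');
  }
  return { [auth_header_name]: authorization };
}

// Merge headers from a committed config file (such as the headers inside
// axios_config) with the secret header. Header names are case-insensitive,
// so a file entry "x-api-key" must not survive next to the secret "X-API-Key".
function mergeHeaders(fileHeaders = {}, authHeaders = {}) {
  const authNames = new Set(Object.keys(authHeaders).map((n) => n.toLowerCase()));
  const merged = {};
  for (const [name, value] of Object.entries(fileHeaders)) {
    if (!authNames.has(name.toLowerCase())) merged[name] = value;
  }
  return { ...merged, ...authHeaders };
}

// Copy of the headers that is safe to print in the Actions log.
function maskHeaders(headers, authHeaders = {}) {
  const authNames = new Set(Object.keys(authHeaders).map((n) => n.toLowerCase()));
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = authNames.has(name.toLowerCase()) ? '***' : value;
  }
  return out;
}

// Constructed sample values.
const authHeaders = buildAuthHeaders({
  authorization: 'constructed-token',
  auth_header_name: 'X-API-Key',
});
const requestHeaders = mergeHeaders(
  { 'x-api-key': 'from-file', 'User-Agent': 'MyApp' },
  authHeaders,
);
console.log(maskHeaders(requestHeaders, authHeaders));
```
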
I'm experimenting with a large CSV file (> 100 MB) so I had to use LFS. Everything went well during the Post Fetch Data step but the flat viewer is not able to visualize files stored with Git LFS.
url: https://flatgithub.com/rmaceissoft/flat-vaccination-peru-example?filename=registro_vacunacion.csv
Is there something I'm missing here? Thanks in advance