diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 16ebd4072..1497bf9ac 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -50,17 +50,20 @@ jobs: - name: Summary - CodeQL analysis started shell: pwsh run: | - echo "## 🔒 CodeQL Security Analysis - Workflow Summary" >> $env:GITHUB_STEP_SUMMARY - echo "" >> $env:GITHUB_STEP_SUMMARY - echo "### Analysis Configuration" >> $env:GITHUB_STEP_SUMMARY - echo "" >> $env:GITHUB_STEP_SUMMARY - echo "| Property | Value |" >> $env:GITHUB_STEP_SUMMARY - echo "| --- | --- |" >> $env:GITHUB_STEP_SUMMARY - echo "| Repository | \`${{ github.repository }}\` |" >> $env:GITHUB_STEP_SUMMARY - echo "| Branch | \`${{ github.ref_name }}\` |" >> $env:GITHUB_STEP_SUMMARY - echo "| Language | \`${{ matrix.language }}\` |" >> $env:GITHUB_STEP_SUMMARY - echo "| Commit | \`${{ github.sha }}\` |" >> $env:GITHUB_STEP_SUMMARY - echo "" >> $env:GITHUB_STEP_SUMMARY + $summary = @( + '## 🔒 CodeQL Security Analysis - Workflow Summary' + '' + '### Analysis Configuration' + '' + '| Property | Value |' + '| --- | --- |' + '| Repository | `${{ github.repository }}` |' + '| Branch | `${{ github.ref_name }}` |' + '| Language | `${{ matrix.language }}` |' + '| Commit | `${{ github.sha }}` |' + '' + ) + $summary | Add-Content -Path $env:GITHUB_STEP_SUMMARY # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL @@ -86,10 +89,13 @@ jobs: if: success() shell: pwsh run: | - echo "### ✅ Build Completed" >> $env:GITHUB_STEP_SUMMARY - echo "" >> $env:GITHUB_STEP_SUMMARY - echo "Cmder launcher built successfully for CodeQL analysis." >> $env:GITHUB_STEP_SUMMARY - echo "" >> $env:GITHUB_STEP_SUMMARY + $summary = @( + '### ✅ Build Completed' + '' + 'Cmder launcher built successfully for CodeQL analysis.' + '' + ) + $summary | Add-Content -Path $env:GITHUB_STEP_SUMMARY - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 @@ -100,10 +106,13 @@ jobs: if: success() shell: pwsh run: | - echo "### 🔍 CodeQL Analysis Results" >> $env:GITHUB_STEP_SUMMARY - echo "" >> $env:GITHUB_STEP_SUMMARY - echo "✅ CodeQL security analysis completed successfully." >> $env:GITHUB_STEP_SUMMARY - echo "" >> $env:GITHUB_STEP_SUMMARY - echo "**Language analyzed:** \`${{ matrix.language }}\`" >> $env:GITHUB_STEP_SUMMARY - echo "" >> $env:GITHUB_STEP_SUMMARY - echo "> Check the Security tab for detailed findings and recommendations." >> $env:GITHUB_STEP_SUMMARY + $summary = @( + '### 🔍 CodeQL Analysis Results' + '' + '✅ CodeQL security analysis completed successfully.' + '' + '**Language analyzed:** `${{ matrix.language }}`' + '' + '> Check the Security tab for detailed findings and recommendations.' + ) + $summary | Add-Content -Path $env:GITHUB_STEP_SUMMARY diff --git a/.gitignore b/.gitignore index 3ca812444..8edad6f19 100644 --- a/.gitignore +++ b/.gitignore @@ -37,4 +37,4 @@ scripts/packer/iso/*.iso scripts/packer/packer_cache scripts/packer/output-* *.box - +*.code-workspace diff --git a/scripts/build.ps1 b/scripts/build.ps1 index 634d2467c..9a0be078a 100644 --- a/scripts/build.ps1 +++ b/scripts/build.ps1 @@ -60,7 +60,10 @@ Param( [string]$terminal = 'all', # Build launcher if you have MSBuild tools installed - [switch]$Compile + [switch]$Compile, + + # Install pacman if not present + [switch]$InstallPacman ) # Get the scripts and cmder root dirs we are building in. @@ -199,6 +202,10 @@ if (-not $noVendor) { Copy-Item $($saveTo + "git-prompt.sh") $($saveTo + "git-for-windows/etc/profile.d/git-prompt.sh") } + if ( $InstallPacman -and !(Test-Path $($saveTo + "git-for-windows/usr/bin/pacman.exe") ) ) { + Write-Verbose "Installing pacman..." + & $($saveTo + "git-for-windows/bin/bash.exe") $($saveTo + "../scripts/install_pacman.sh") + } Pop-Location } diff --git a/scripts/install_pacman.sh b/scripts/install_pacman.sh new file mode 100644 index 000000000..dd725ca4a --- /dev/null +++ b/scripts/install_pacman.sh @@ -0,0 +1,128 @@ +#!/usr/bin/env bash + +# Based on: https://github.com/mcgitty/pacman-for-git +# Dax T. Games Fork: https://github.com/daxgames/pacman-for-git + +# Disclaimer: Use at your own risk. +# +# This script modifies system files and installs the pacman package manager into your Git for Windows environment. +# +# While it has been tested in various Git for Windows versions, there is always a risk of data loss or system instability when running scripts that alter executable files and shared libraries. +# +# Make sure to back up any important data before proceeding. +# +# Always review and understand scripts from external sources prior to execution. + +export bin_source=${1:-https://github.com/daxgames/pacman-for-git/raw/refs/heads/main} +export HOME=$(cygpath -u "$USERPROFILE") +echo "Using binary source: $bin_source" +echo "Using HOME directory: $HOME" + +if [[ "$HOSTTYPE" == "i686" ]]; then + pacman=( + pacman-6.0.0-4-i686.pkg.tar.zst + pacman-mirrors-20210703-1-any.pkg.tar.zst + msys2-keyring-1~20210213-2-any.pkg.tar.zst + ) + + zstd=zstd-1.5.0-1-i686.pkg.tar.xz + zstd_win=https://github.com/facebook/zstd/releases/download/v1.5.5/zstd-v1.5.5-win32.zip +else + pacman=( + pacman-6.0.1-18-x86_64.pkg.tar.zst + pacman-mirrors-20220205-1-any.pkg.tar.zst + msys2-keyring-1~20220623-1-any.pkg.tar.zst + ) + + zstd=zstd-1.5.2-1-x86_64.pkg.tar.xz + zstd_win=https://github.com/facebook/zstd/releases/download/v1.5.5/zstd-v1.5.5-win64.zip +fi + +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo Downloading pacman files... +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +for f in "${pacman[@]}"; do + echo "Running: curl -sLkf -o \"$HOME/Downloads/$f\" \"${bin_source}/$f\"" + curl -sLkf -o "$HOME/Downloads/$f" "${bin_source}/$f" || exit 1 +done +echo -e "\n=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n" + +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo Downloading zstd binaries... +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo "Running: curl -sLkf -o \"$HOME/Downloads/$zstd\" \"${bin_source}/$zstd\"" +curl -sLkf -o "$HOME/Downloads/$zstd" "${bin_source}/$zstd" || exit 1 +echo "Running: curl -sLkf -o \"$HOME/Downloads/$(basename \"${zstd_win}\")\" \"$zstd_win\"" +curl -sLkf -o "$HOME/Downloads/$(basename "${zstd_win}")" "$zstd_win" || exit 1 +echo -e "\n=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n" + +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo Downloading pacman.conf... +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo "Running: curl -Lk https://raw.githubusercontent.com/msys2/MSYS2-packages/7858ee9c236402adf569ac7cff6beb1f883ab67c/pacman/pacman.conf" +curl -sLk https://raw.githubusercontent.com/msys2/MSYS2-packages/7858ee9c236402adf569ac7cff6beb1f883ab67c/pacman/pacman.conf -o /etc/pacman.conf || exit 1 + +pushd "$HOME/Downloads" +[[ -d "$(basename "${zstd_win}" | sed 's/\.zip$//')" ]] && \ + rm -rf "$(basename "${zstd_win}" | sed 's/\.zip$//')" +unzip "$HOME/Downloads/$(basename "${zstd_win}")" +export PATH="$PATH:$HOME/Downloads/$(basename "${zstd_win}" | sed 's/\.zip$//')" +popd +echo -e "\n=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n" + +cd / +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo Installing pacman files... +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo "Extracting zstd to /usr..." +tar x --xz -vf "$HOME/Downloads/$zstd" usr + +for f in "${pacman[@]}"; do + echo "Extracting $f to /usr and /etc..." + tar x --zstd -vf "$HOME/Downloads/$f" usr etc 2>/dev/null +done +echo -e "\n=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n" + +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo Initializing pacman... +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +mkdir -p /var/lib/pacman +ln -sf "$(which gettext)" /usr/bin/ +pacman-key --init +pacman-key --populate msys2 +pacman -Syu --noconfirm --disable-download-timeout +echo -e "\n=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n" + +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo Getting package versions for the installed Git release +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +t=$(grep -E 'mingw-w64-[ix_0-9]+-git ' /etc/package-versions.txt) +echo "Found package version line: $t" + +curl --help >/dev/null 2>&1 || { echo "ERROR: curl is not installed properly."; exit 1; } + +echo "Getting commit ID that matches '$t' from github pacman-for-git..." +t=$(curl -sLk "${bin_source}/version-tags.txt" | grep "$t") +echo "Full line from version-tags.txt: '$t'" + +[[ "$t" == "" ]] && echo "ERROR: Commit ID not logged in github pacman-for-git." && exit 1 +echo -e "Using commit ID: '${t##* }'" +echo -e "\n=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n" + +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +echo Downloading package database files for the installed Git release +echo =-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +b=64 && [[ "$t" == *-i686-* ]] && b=32 +URL="https://github.com/git-for-windows/git-sdk-$b/raw/${t##* }" +while read -r p v; do + d="/var/lib/pacman/local/$p-$v" + mkdir -p "$d" + echo "$d" + + for f in desc files mtree; do + curl -fsSL "$URL$d/$f" -o "$d/$f" + done + + [[ ! -f "$d/desc" ]] && rmdir "$d" && echo "Missing $d" +done < /etc/package-versions.txt +echo -e "\n=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n"