fix: validate status and some security

2026-04-19 00:38:06 +08:00 · 2022-03-20 14:01:35 +07:00
parent 31d4a5f24b
commit a2c408c63d
387 changed files with 33710 additions and 4612 deletions
--- a/README.md
+++ b/README.md
@@ -1,79 +1,83 @@
 # cURL for Github Action

-You can use this action to perform REST API base on [axios](https://github.com/axios/axios) module. 
-
+You can use this action to perform REST API base on [axios](https://github.com/axios/axios) module.

 # Usage
+
 ```yaml
 name: Example of cURL action

-on: [ push ]
+on: [push]
 jobs:
-    test-curl-action:
-        name: 'Perform REST API'
-        runs-on: ubuntu-latest
-        steps:
-            - name: 'Call API'
-              uses: indiesdev/curl@v1
-              with:
-                # The target URL
-                # Required: true if custom-config is not set
-                url: https://reqres.in/api/users
-                
-                # The request method, basically it's one of GET|POST|PUT|PATCH
-                # Default is GET 
-                method: 'POST'
+  test-curl-action:
+    name: "Perform REST API"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Call API"
+        uses: indiesdev/curl@v1.1
+        with:
+          # The target URL
+          # Required: true if custom-config is not set
+          url: https://reqres.in/api/users

-                # List of response status codes to be accepted, else it will set the job to be failed
-                # If more than one value is needed, you can use comma(,) as seperator
-                # In this case if the response status code is not one of 200, 201 and 204, the job will be failed
-                # Default is 200,201,204
-                accept: 200,201,204
+          # The request method, basically it's one of GET|POST|PUT|PATCH
+          # Default is GET
+          method: "POST"

-                # Headers can be passed through json object string 
-                headers: '{ "custom-header": "value" }'
+          # List of response status codes to be accepted, else it will set the job to be failed
+          # If more than one value is needed, you can use comma(,) as seperator
+          # In this case if the response status code is not one of 200, 201 and 204, the job will be failed
+          # Default is 200,201,204
+          accept: 200,201,204

-                # Params can be passed through json object string 
-                params: '{ "param1": "value", "param2": "value2" }'
-                
-                # Body request
-                # Apply only to POST|PUT request
-                body: '{ "name": "breeze",  "job": "devops" }'
+          # Headers can be passed through json object string
+          headers: '{ "custom-header": "value" }'

-                # Request timeout (millisec)
-                # Default: 1000
-                timeout: 1000
-                
-                # Basic authentication using username and password
-                # This will override the Authorization header, for example Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
-                # Format => username:password
-                basic-auth: ${{ secrets.curl_auth_username }}:${{ secrets.curl_auth_password }}
-                
-                # The authentication using token
-                # This will override the Authorization header, for example Authorization: Bearer QWxhZGRpbjpPcGVuU2VzYW1l
-                bearer-token: ${{ secrets.bearer_token }}
+          # Params can be passed through json object string
+          params: '{ "param1": "value", "param2": "value2" }'

-                # If you want to use proxy with the request, you can use proxy-url
-                # Format => host:port
-                proxy-url: https://proxy-url:3000
+          # Body request
+          # Apply only to POST|PUT request
+          body: '{ "name": "breeze",  "job": "devops" }'

-                # If the proxy host requires the authentication, you can use proxy-auth to pass credentials 
-                # Format => username:password
-                proxy-auth: ${{ secrets.proxy_auth_username }}:${{ secrets.proxy_auth_password }}
+          # Request timeout (millisec)
+          # Default: 1000
+          timeout: 1000

-                # If it is set to true, it will show the response log in the Github UI
-                # Default: false
-                is_debug: false
+          # Basic authentication using username and password
+          # This will override the Authorization header, for example Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
+          # Format => username:password as base 64
+          basic-auth-token: ${{ secrets.curl_auth_token }}

-                # If you want to use axios config directly, you can pass config file to the action
-                # The file is just basically a json file that has the same format as axios config https://github.com/axios/axios#request-config
-                # If this input is set, it will ignore other inputs that related to the config
-                # The path file is start from root directory of the repo
-                custom-config: .github/workflows/curl-config.json
-  
-  ```
+          # The authentication using token
+          # This will override the Authorization header, for example Authorization: Bearer QWxhZGRpbjpPcGVuU2VzYW1l
+          bearer-token: ${{ secrets.bearer_token }}
+
+          # If you want to use proxy with the request, you can use proxy-url
+          # Format => host:port
+          proxy-url: https://proxy-url:3000
+
+          # If the proxy host requires the authentication, you can use proxy-auth to pass credentials
+          # Format => username:password as base64
+          proxy-auth-token: ${{ secrets.proxy_auth_token }}
+
+          # If it is set to true, it will show the response log in the Github UI
+          # Default: false
+          log-response: false
+
+          # Retries specify the number of retry attemps before giving up.
+          # Default: 1
+          retries: 3
+
+          # If you want to use axios config directly, you can pass config file to the action
+          # The file is just basically a json file that has the same format as axios config https://github.com/axios/axios#request-config
+          # If this input is set, it will ignore other inputs that related to the config
+          # The path file is start from root directory of the repo
+          custom-config: .github/workflows/curl-config.json
+```

 # Response object
+
 ```javascript
 {
  // `data` is the response that was provided by the server
@@ -91,29 +95,37 @@ jobs:

 ```

+# Use Response

-# Use Response 
 ```yaml
 name: Example of cURL action

-on: [ push ]
+on: [push]
 jobs:
-    test-curl-action:
-        name: 'Perform REST API'
-        runs-on: ubuntu-latest
-        steps:
-            - name: 'Call API'
-              uses: indiesdev/curl@v1
-              id: api
-              with:
-                url: https://reqres.in/api/users
-                method: 'POST'
-                accept: 201
-                body: '{ "name": "breeze",  "job": "devops" }'
-            - name: 'Use response'
-              run: echo ${{ steps.api.outputs.response }}
-
-  
-  ```
-
-
+  test-curl-action:
+    name: "Perform REST API"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Call API 1"
+        uses: indiesdev/curl@v1.1
+        id: api
+        with:
+          url: https://reqres.in/api/users
+          method: "POST"
+          accept: 201
+          body: '{ "name": "breeze", "job": "devops" }'
+          log-response: true
+      - name: "Call API 2"
+        uses: indiesdev/curl@v1.1
+        id: api2
+        with:
+          url: https://reqres.in/api/users
+          method: "POST"
+          accept: 201
+          body: |
+            name: breeze
+            job: devops
+          log-response: true
+      - name: "Use response"
+        run: echo ${{ steps.api.outputs.response }}
+```