From 8ab55c066cf8452a9cc4629da2e981c28187294b Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Mon, 12 May 2025 12:36:58 +0530 Subject: [PATCH 1/4] Make lz4 module loading more lenient --- lib/utils/lz4.ts | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/utils/lz4.ts b/lib/utils/lz4.ts index 8186024d..257329cb 100644 --- a/lib/utils/lz4.ts +++ b/lib/utils/lz4.ts @@ -6,10 +6,24 @@ function tryLoadLZ4Module(): LZ4Module | undefined { try { return require('lz4'); // eslint-disable-line global-require } catch (err) { - const isModuleNotFoundError = err instanceof Error && 'code' in err && err.code === 'MODULE_NOT_FOUND'; - if (!isModuleNotFoundError) { - throw err; + if (!(err instanceof Error) || !('code' in err)) { + console.warn('Unexpected error loading LZ4 module: Invalid error object'); + return undefined; } + + if (err.code === 'MODULE_NOT_FOUND') { + console.warn('LZ4 module not installed: Missing dependency'); + return undefined; + } + + if (err.code === 'ERR_DLOPEN_FAILED') { + console.warn('LZ4 native module failed to load: Architecture or version mismatch'); + return undefined; + } + + // If it's not a known error, return undefined + console.warn('Unknown error loading LZ4 module: Unhandled error code'); + return undefined; } } From b75c61d7432e68f7f99dcdbb6488375c284a33d8 Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Mon, 12 May 2025 12:58:40 +0530 Subject: [PATCH 2/4] Add error message --- lib/utils/lz4.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/utils/lz4.ts b/lib/utils/lz4.ts index 257329cb..b8a8e8ad 100644 --- a/lib/utils/lz4.ts +++ b/lib/utils/lz4.ts @@ -7,22 +7,22 @@ function tryLoadLZ4Module(): LZ4Module | undefined { return require('lz4'); // eslint-disable-line global-require } catch (err) { if (!(err instanceof Error) || !('code' in err)) { - console.warn('Unexpected error loading LZ4 module: Invalid error object'); + console.warn('Unexpected error loading LZ4 module: Invalid error object', err); return undefined; } if (err.code === 'MODULE_NOT_FOUND') { - console.warn('LZ4 module not installed: Missing dependency'); + console.warn('LZ4 module not installed: Missing dependency', err); return undefined; } if (err.code === 'ERR_DLOPEN_FAILED') { - console.warn('LZ4 native module failed to load: Architecture or version mismatch'); + console.warn('LZ4 native module failed to load: Architecture or version mismatch', err); return undefined; } // If it's not a known error, return undefined - console.warn('Unknown error loading LZ4 module: Unhandled error code'); + console.warn('Unknown error loading LZ4 module: Unhandled error code', err); return undefined; } } From 11590dec33eecace7f86577c5e13ebab892891fa Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Wed, 14 May 2025 13:35:39 +0530 Subject: [PATCH 3/4] Attempting to use pull_request_target --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e854e459..761c42af 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -4,7 +4,7 @@ on: push: branches: - main - pull_request: + pull_request_target: branches: - main From d6b855fa596347fffaa794d94a6b822f20c9b8c4 Mon Sep 17 00:00:00 2001 From: samikshya-chand_data Date: Wed, 14 May 2025 14:49:01 +0530 Subject: [PATCH 4/4] Security hardening exercise --- .github/workflows/dco-check.yml | 4 +++- .github/workflows/main.yml | 19 ++++++++++++++----- .github/workflows/release.yml | 4 +++- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dco-check.yml b/.github/workflows/dco-check.yml index 1c0ca6ec..f7dcdd33 100644 --- a/.github/workflows/dco-check.yml +++ b/.github/workflows/dco-check.yml @@ -4,7 +4,9 @@ on: [pull_request] jobs: check: - runs-on: ubuntu-latest + runs-on: + group: databricks-protected-runner-group + labels: linux-ubuntu-latest steps: - name: Check for DCO id: dco-check diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 761c42af..320269c4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -4,13 +4,16 @@ on: push: branches: - main - pull_request_target: + pull_request: branches: - main jobs: lint: - runs-on: ubuntu-latest + runs-on: + group: databricks-protected-runner-group + labels: linux-ubuntu-latest + steps: - uses: actions/checkout@v3 - name: Cache node modules @@ -31,7 +34,9 @@ jobs: npm run lint unit-test: - runs-on: ubuntu-latest + runs-on: + group: databricks-protected-runner-group + labels: linux-ubuntu-latest strategy: matrix: # only LTS versions starting from the lowest we support @@ -72,7 +77,9 @@ jobs: retention-days: 1 e2e-test: - runs-on: ubuntu-latest + runs-on: + group: databricks-protected-runner-group + labels: linux-ubuntu-latest environment: azure-prod env: E2E_HOST: ${{ secrets.DATABRICKS_HOST }} @@ -110,7 +117,9 @@ jobs: coverage: needs: [unit-test, e2e-test] - runs-on: ubuntu-latest + runs-on: + group: databricks-protected-runner-group + labels: linux-ubuntu-latest env: cache-name: cache-node-modules diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0504b21c..7ba48145 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,9 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: + group: databricks-protected-runner-group + labels: linux-ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v1