JavaScript action: generate ./dist during release build? #40651
Replies: 2 comments
-
Hi there @falti and welcome to our community! Thank you for asking a great question 🙂 To get started, introduce yourself in our official introduction thread |
Beta Was this translation helpful? Give feedback.
-
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
I am maintainer of https://github.com/falti/dotenv-action which is a fork from the javascript-action.
Is there a simple way to exclude the ./dist from the git repo and generate it, let's say during the release?
Having it as part of the source is a potential security flaw. If I receive PRs from other parties I need to verify that the code in the ./dist does not contain some easter eggs. As the code is minified it is a bit cumbersome.
What are the recommended ways to handle this? Like generating the distribution it in a separate stage and compare the results?
Are there any better ways?
Beta Was this translation helpful? Give feedback.
All reactions