ollama-utils: add publish and cronjob workflows #1206
Conversation
| console.log("Added templates for:"); | ||
| console.log(addedModels.join("\n")); | ||
| console.log("Skipped these models due to error:"); | ||
| console.log(skippedModelsDueToErr.join("\n")); |
There was a problem hiding this comment.
Can we use console.error() for better error differentiation? This would help separate errors from regular logs, making debugging and log filtering easier.
There was a problem hiding this comment.
I'm not sure why stderr sometimes come out-of-order on github CI output, so I'm sticking with console.log for now
There was a problem hiding this comment.
We need to be careful about injection when writing stuff to env in github actions - but I think it's fine in this case 👍 (no user-provided ref or branch name or file name in the vars)
There was a problem hiding this comment.
I acknowledge about this class of attack. In fact, that's why I always pass variable firstly via env and then access the environment variables in the code. So even if the user try to inject via ${{ steps.changes.outputs.NEW_BRANCH }} for example, it will still be contained inside a string.
In other words, a bad approach will be:
const newBranch = "${{ steps.changes.outputs.NEW_BRANCH }}";
Good approach:
const newBranch = process.env.NEW_BRANCH;
There was a problem hiding this comment.
(Please note that the above is an example. Indeed, none of the variables in the script is user-controllable as you pointed out)
|
I'm getting this error: https://github.com/huggingface/huggingface.js/actions/runs/13501236917/job/37719936942 @coyotte508 @julien-c Do you know how to enable this? Thanks! |
|
@ngxson maybe ask in #infra channel |
In this PR:
For the auto-update workflow, here is a demo: