studio/wfe
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 3 Activity
Files
17a50d776b550fd8de7f75a8ad27ea4f30c8ef4e
wfe/wfe-yaml/Cargo.toml
Sienna Meridian Satterwhite c63bf7b814 feat(wfe-yaml): add log streaming to shell executor + security hardening 
Shell step streaming: when LogSink is present, uses cmd.spawn() with
tokio::select! to interleave stdout/stderr line-by-line. Respects
timeout_ms with child.kill() on timeout. Falls back to buffered mode
when no LogSink.

Security: block sensitive env var overrides (PATH, LD_PRELOAD, etc.)
from workflow data injection. Proper error handling for pipe capture.

4 LogSink regression tests + 2 env var security regression tests.
2026-04-01 14:33:53 +01:00

43 lines
1.3 KiB
TOML
Raw Blame History

[package]
name = "wfe-yaml"
version.workspace = true
edition.workspace = true
description = "YAML workflow definitions for WFE"
[features]
default = []
deno = ["deno_core", "deno_error", "url", "reqwest"]
buildkit = ["wfe-buildkit"]
containerd = ["wfe-containerd"]
rustlang = ["wfe-rustlang"]
[dependencies]
wfe-core = { workspace = true }
serde = { workspace = true }
serde_json = { workspace = true }
serde_yaml = { workspace = true }
yaml-merge-keys = { workspace = true }
async-trait = { workspace = true }
tokio = { workspace = true }
thiserror = { workspace = true }
tracing = { workspace = true }
chrono = { workspace = true }
regex = { workspace = true }
deno_core = { workspace = true, optional = true }
deno_error = { workspace = true, optional = true }
url = { workspace = true, optional = true }
reqwest = { workspace = true, optional = true }
wfe-buildkit = { workspace = true, optional = true }
wfe-containerd = { workspace = true, optional = true }
wfe-rustlang = { workspace = true, optional = true }
[dev-dependencies]
pretty_assertions = { workspace = true }
tokio = { workspace = true, features = ["test-util", "process"] }
tokio-util = "0.7"
wfe-core = { workspace = true, features = ["test-support"] }
wfe = { path = "../wfe" }
wiremock = { workspace = true }
tempfile = { workspace = true }
tracing-subscriber = { workspace = true }
Reference in New Issue View Git Blame Copy Permalink