chore: Revert "fix: Zip iOS .app bundles for runway bucket"#29600
Conversation
This reverts commit 3ba1e2d.
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
🔍 Smart E2E Test Selection
click to see 🤖 AI reasoning detailsE2E Test Selection:
These are purely CI artifact packaging changes. No application source code, test infrastructure, controllers, navigation, or user-facing functionality is affected. No E2E tests need to run to validate these changes, and there is no performance impact. Performance Test Selection: |
| [dir, '-name', pattern, '-type', 'f'], | ||
| { encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'] }, | ||
| ).trim(); | ||
| const output = execSync(`find "${dir}" -name "${pattern}" -type f 2>/dev/null || true`, { |
| ['-c', '-k', '--sequesterRsrc', '--keepParent', oldArchive, archiveZip], | ||
| { stdio: 'inherit' }, | ||
| execSync( | ||
| `ditto -c -k --sequesterRsrc --keepParent "${oldArchive}" "${archiveZip}"`, |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 255c3e0. Configure here.
| ['-c', '-k', '--sequesterRsrc', '--keepParent', newApp, zipPath], | ||
| { stdio: 'inherit' }, | ||
| execSync( | ||
| `ditto -c -k --sequesterRsrc --keepParent "${newApp}" "${zipPath}"`, |
There was a problem hiding this comment.
Reverting execFileSync to execSync introduces shell injection risk
Medium Severity
The revert switches cp and ditto calls from execFileSync (array-based, no shell) to execSync with template-literal string interpolation (spawns a shell). Even with double-quoting, shell metacharacters like $(...), backticks, or backslashes in interpolated values (environment, configuration env vars) can escape. These cp/ditto invocations don't need any shell features, so execFileSync with an argument array was the safer choice and its removal is an unintended side effect of the revert.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 255c3e0. Configure here.
|
Reverts #29377
Shouldn't need double zip anymore since Runway should support .app bundles
Note
Medium Risk
Medium risk because it changes CI artifact packaging and paths for iOS simulator outputs, which could break downstream consumers or uploads if the expected zip naming/location differs.
Overview
Reverts the iOS simulator artifact workaround that double-zipped and staged
.appbundles before upload, returning to a single.zipproduced directly from the simulator.appand emitting that path viaios_simulator_path.The build workflow is simplified by removing simulator upload staging/cleanup logic and loosening the upload step condition (dropping the redundant
success()guard). The artifact renaming script also switches fromexecFileSynctoexecSyncforfind/cp/dittoinvocations and removes repo-relative path conversion for simulator uploads.Reviewed by Cursor Bugbot for commit 255c3e0. Bugbot is set up for automated code reviews on this repo. Configure here.