From 678594a5126331b08b4ed3f751cca21bfc425245 Mon Sep 17 00:00:00 2001 From: saikumarvasa100-hash Date: Thu, 13 Nov 2025 22:22:42 +0530 Subject: [PATCH 1/5] Restrict theme asset downloads to .yaml files Fixes #4863 When installing themes with release assets containing .yaml files, HACS was downloading ALL release assets instead of only the theme .yaml files. Fixes #4863 When installing themes with release assets containing .yaml files, HACS was downloading ALL release assets instead of only the theme .yaml files. This fix adds a filter in the gather_files_to_download() method to skip non-.yaml files when downloading theme release assets. This ensures only .yaml theme files are downloaded, preventing unwanted files like zip archives from being installed. --- custom_components/hacs/repositories/base.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/custom_components/hacs/repositories/base.py b/custom_components/hacs/repositories/base.py index 950f52facd3..e07c43ad9dd 100644 --- a/custom_components/hacs/repositories/base.py +++ b/custom_components/hacs/repositories/base.py @@ -1183,6 +1183,9 @@ def gather_files_to_download(self) -> list[FileInformation]: for release in releaseobjects or []: if ref == release.tag_name: for asset in release.assets or []: + # For themes, only download .yaml files from release assets + if category == "theme" and not asset.name.endswith(".yaml"): + continue files.append( FileInformation(asset.browser_download_url, asset.name, asset.name) ) From 91179511ff2abffddbe22639cc031c7b54107019 Mon Sep 17 00:00:00 2001 From: saikumarvasa100-hash Date: Fri, 14 Nov 2025 00:20:47 +0530 Subject: [PATCH 2/5] Add test coverage for theme .yaml file filtering Add test to verify that only .yaml files are downloaded from theme release assets, excluding non-.yaml files like images, zips, and markdown files. Add test for gathering theme files from release assets, ensuring only .yaml files are included. --- .../download/test_gather_files_to_download.py | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/helpers/download/test_gather_files_to_download.py b/tests/helpers/download/test_gather_files_to_download.py index 18d268765df..2850418ba67 100644 --- a/tests/helpers/download/test_gather_files_to_download.py +++ b/tests/helpers/download/test_gather_files_to_download.py @@ -230,4 +230,28 @@ def test_gather_plugin_different_card_name(repository_plugin): repository_plugin.update_filenames() files = [x.path for x in repository.gather_files_to_download()] assert "card.js" in files + + +def test_gather_theme_files_from_release_only_yaml(repository_theme): + """Test that only .yaml files are downloaded from theme release assets.""" + repository = repository_theme + repository.data.releases = True + repository.releases.objects = [ + GitHubReleaseModel({ + "tag_name": "1.0.0", + "assets": [ + {"name": "theme.yaml"}, + {"name": "theme-dark.yaml"}, + {"name": "screenshot.png"}, + {"name": "README.md"}, + {"name": "theme.zip"}, + ] + }), + ] + files = [x.name for x in repository.gather_files_to_download()] + assert "theme.yaml" in files + assert "theme-dark.yaml" in files + assert "screenshot.png" not in files + assert "README.md" not in files + assert "theme.zip" not in files assert "info.md" not in files From 1c777886db011211ce96450bbc5d8a707115dac3 Mon Sep 17 00:00:00 2001 From: saikumarvasa100-hash Date: Fri, 14 Nov 2025 01:39:14 +0530 Subject: [PATCH 3/5] Update repository ref to version 1.0.0 in test Set repository reference to version 1.0.0 for testing. --- tests/helpers/download/test_gather_files_to_download.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/helpers/download/test_gather_files_to_download.py b/tests/helpers/download/test_gather_files_to_download.py index 2850418ba67..93470b48f33 100644 --- a/tests/helpers/download/test_gather_files_to_download.py +++ b/tests/helpers/download/test_gather_files_to_download.py @@ -235,6 +235,7 @@ def test_gather_plugin_different_card_name(repository_plugin): def test_gather_theme_files_from_release_only_yaml(repository_theme): """Test that only .yaml files are downloaded from theme release assets.""" repository = repository_theme + repository.ref = "1.0.0" repository.data.releases = True repository.releases.objects = [ GitHubReleaseModel({ From 000bdc029f041e67f1e83216038eb247ecb1e208 Mon Sep 17 00:00:00 2001 From: saikumarvasa100-hash Date: Fri, 14 Nov 2025 06:24:06 +0530 Subject: [PATCH 4/5] Fix indentation error in test file --- tests/helpers/download/test_gather_files_to_download.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/helpers/download/test_gather_files_to_download.py b/tests/helpers/download/test_gather_files_to_download.py index 93470b48f33..3c549f3777c 100644 --- a/tests/helpers/download/test_gather_files_to_download.py +++ b/tests/helpers/download/test_gather_files_to_download.py @@ -231,8 +231,7 @@ def test_gather_plugin_different_card_name(repository_plugin): files = [x.path for x in repository.gather_files_to_download()] assert "card.js" in files - -def test_gather_theme_files_from_release_only_yaml(repository_theme): + def test_gather_theme_files_from_release_only_yaml(repository_theme): """Test that only .yaml files are downloaded from theme release assets.""" repository = repository_theme repository.ref = "1.0.0" From c7a25e98c4ff4063d1a4656f2db9a66a31d185bd Mon Sep 17 00:00:00 2001 From: saikumarvasa100-hash Date: Thu, 20 Nov 2025 19:25:51 +0530 Subject: [PATCH 5/5] Fix indentation error in test_gather_theme_files_from_release_only_yaml function