
Merge pull request #2341 from Athanasius/github-workflows-security

Guard against workflow shell execution vulnerabilities
David Sangrey 2024-12-19 16:45:07 -05:00 committed by GitHub
commit a87edfe7b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 7 additions and 7 deletions


@ -19,7 +19,7 @@ jobs:
# Debug show the info we have to work with # Debug show the info we have to work with
- name: Show github context - name: Show github context
run: cat $GITHUB_EVENT_PATH run: cat "$GITHUB_EVENT_PATH"
#################################################################### ####################################################################
# Checkout the necessary commits # Checkout the necessary commits
@ -44,9 +44,9 @@ jobs:
echo "BASE_REPO_URL: ${BASE_REPO_URL}" echo "BASE_REPO_URL: ${BASE_REPO_URL}"
echo "BASE_REPO_OWNER: ${BASE_REPO_OWNER}" echo "BASE_REPO_OWNER: ${BASE_REPO_OWNER}"
# Add the 'base' repo as a new remote # Add the 'base' repo as a new remote
git remote add ${BASE_REPO_OWNER} ${BASE_REPO_URL} git remote add "${BASE_REPO_OWNER}" "${BASE_REPO_URL}"
# And then fetch its references # And then fetch its references
git fetch ${BASE_REPO_OWNER} git fetch "${BASE_REPO_OWNER}"
#################################################################### ####################################################################
#################################################################### ####################################################################
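Review bot: Quoting `"${BASE_REPO_OWNER}"` and `"${BASE_REPO_URL}"` on the `git remote add` line stops word splitting and globbing, but a value that begins with `-` would still be read by git as an option rather than a positional argument; the lines that set those two variables are above the hunk, so it is not visible whether they come from fixed workflow context or from the pull-request event payload. If they are event-derived, validate them against the expected owner and URL shape before this line, or end option parsing with `--` where the git invocation accepts it (`git remote add -- "${BASE_REPO_OWNER}" "${BASE_REPO_URL}"`). The same consideration applies to `git fetch "${BASE_REPO_OWNER}"` two lines below, and the rest of the step body continues outside the hunk.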


@ -43,7 +43,7 @@ jobs:
env: env:
ROOT_SHA: ${{github.base_ref}} ROOT_SHA: ${{github.base_ref}}
run: | run: |
DATA=$(jq --raw-output .before $GITHUB_EVENT_PATH) DATA=$(jq --raw-output .before "$GITHUB_EVENT_PATH")
echo "DATA: ${DATA}" echo "DATA: ${DATA}"
####################################################################### #######################################################################


@ -54,7 +54,7 @@ jobs:
- name: Create submodules changes branch - name: Create submodules changes branch
if: steps.check_for_changes.outputs.changes == 'true' if: steps.check_for_changes.outputs.changes == 'true'
run: | run: |
git checkout -b "submodule-change/$GITHUB_RUN_ID" $CHECKOUT_BRANCH git checkout -b "submodule-change/$GITHUB_RUN_ID" "$CHECKOUT_BRANCH"
git commit -am "updating submodules" git commit -am "updating submodules"
git push --set-upstream origin "submodule-change/$GITHUB_RUN_ID" git push --set-upstream origin "submodule-change/$GITHUB_RUN_ID"
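Review bot: `"$CHECKOUT_BRANCH"` on the `git checkout -b` line is now quoted, but for `git checkout` a `--` separator introduces pathspecs rather than ending options, so a branch value starting with `-` would still be parsed as an option; the assignment of CHECKOUT_BRANCH is outside the hunk, so whether it is a literal or a workflow input/event field cannot be seen here. If it is not a literal, fail the step early on anything that is not a well-formed branch name, e.g. `git check-ref-format --branch "$CHECKOUT_BRANCH"` as the line before the checkout (the `-e` default shell will abort on its non-zero exit). The `if:` guard on the step only covers whether there are changes, not the shape of the branch name.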


@ -39,7 +39,7 @@ jobs:
# For 'tar' we can only specify filename/glob exclusions, not any # For 'tar' we can only specify filename/glob exclusions, not any
# directory location # directory location
tar -c -v -z \ tar -c -v -z \
-f ../EDMarketConnector-release-${{ needs.variables.outputs.sem_ver }}.tar.gz \ -f "../EDMarketConnector-release-${{ needs.variables.outputs.sem_ver }}.tar.gz" \
-C .. \ -C .. \
--exclude=EDMarketConnector-release-*.* \ --exclude=EDMarketConnector-release-*.* \
--exclude=.editorconfig \ --exclude=.editorconfig \
@ -59,7 +59,7 @@ jobs:
--exclude=scripts \ --exclude=scripts \
--exclude=tests \ --exclude=tests \
EDMarketConnector EDMarketConnector
mv ../EDMarketConnector-release-${{ needs.variables.outputs.sem_ver }}.tar.gz . mv "../EDMarketConnector-release-${{ needs.variables.outputs.sem_ver }}.tar.gz" .
- name: Upload build files - name: Upload build files
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
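Review bot: The double quotes added around the `-f` argument and the `mv` source path do not guard the `${{ needs.variables.outputs.sem_ver }}` interpolation, because the expression is substituted into the script text before the shell reads it, so a value containing a quote or a command substitution would still alter the command (the same applies in both hunks of this file). The recommended shape is to bind the expression in the step's `env:` and reference it as a shell variable, which the shell then treats as data regardless of content; the variable name below is chosen here, and an existing `env:` block on this step, if there is one above the hunk, would need merging rather than duplicating. How sem_ver is produced is outside this diff, so whether it can carry unexpected characters (for instance if it is derived from a tag or ref name) cannot be confirmed, but the `env:` form is safe either way.
```yaml
      env:
        SEM_VER: ${{ needs.variables.outputs.sem_ver }}
      run: |
        # … unchanged: tar comments and leading flags …
          -f "../EDMarketConnector-release-${SEM_VER}.tar.gz" \
        # … unchanged: --exclude list and source directory …
        mv "../EDMarketConnector-release-${SEM_VER}.tar.gz" .
```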