Compare commits

...

3 Commits

Author SHA1 Message Date
Y. Meyer-Norwood
044172c87c
Merge d86d1a437e into 2d7d9f7ff5 2024-09-04 20:38:00 +05:30
Y. Meyer-Norwood
d86d1a437e
Merge branch 'main' into patch-1 2024-01-16 08:51:56 +13:00
Y. Meyer-Norwood
fe77b196f4
Prevent Script Injection Attack
The user-provided inputs here are vulnerable to script injection. This PR uses an intermediary environment variable to treat the input as a string, rather than as part of the command.

See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
2022-12-13 11:16:31 +13:00

@ -18,6 +18,9 @@ on:
jobs:
tag:
runs-on: ubuntu-latest
env:
TARGET: ${{ github.event.inputs.target }}
MAIN_VERSION: ${{ github.event.inputs.major_version }}
steps:
# Note this update workflow can also be used as a rollback tool.
# For that reason, it's best to pin `actions/checkout` to a known, stable version
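Review bot: The `env:` block sits at job level under `tag:`, so `TARGET` and `MAIN_VERSION` are exported to every step in the job, not just the two `run:` steps that read them. Moving the mapping onto the `Tag new target` and `Push new tag` steps keeps the untrusted values out of the environment of any other step. Separately, the variable is named `MAIN_VERSION` while the input it carries is `major_version`; `MAJOR_VERSION` would make the mapping easier to follow.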
@ -30,6 +33,6 @@ jobs:
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Tag new target
run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
run: git tag -f "$MAIN_VERSION" "$TARGET"
- name: Push new tag
run: git push origin ${{ github.event.inputs.major_version }} --force
run: git push origin "$MAIN_VERSION" --force
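Review bot: In the `Tag new target` and `Push new tag` steps, quoting `"$MAIN_VERSION"` and `"$TARGET"` stops the shell from interpreting the inputs, but git still parses its own arguments, and nothing in the visible lines checks what the values look like before they reach `git tag` and `git push`. A value beginning with `-` would be read by git as an option rather than as a tag name or ref. Consider a step ahead of these that rejects inputs not matching the expected shape for a major version tag and a target ref, and push the fully qualified `"refs/tags/$MAIN_VERSION"` so the name cannot resolve to a branch.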