
Commit

Merge pull request #527 from oasisprotocol/pro-wh/bugfix/ciinject
CI: fix command injection plus other changes
pro-wh authored Apr 30, 2024
2 parents 85ef86c + 323347c commit 1dab2cb
Showing 3 changed files with 10 additions and 6 deletions.
1 change: 1 addition & 0 deletions .changelog/527.internal.md
@@ -0,0 +1 @@
CI: fix command injection plus other changes
9 changes: 7 additions & 2 deletions .github/workflows/ci-dependabot.yml
Expand Up @@ -33,8 +33,13 @@ jobs:
run: |
echo "FILE_NAME=.changelog/${{ github.event.pull_request.number }}.internal.md" >> $GITHUB_OUTPUT
- name: Create Change Log file
env:
# There's no support for escaping this for use in a shell command.
# GitHub's recommendation is to pass it through the environment.
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TITLE: ${{ github.event.pull_request.title }}
run: |
echo ${{ github.event.pull_request.title }} > ${{ steps.vars.outputs.FILE_NAME }}
echo "$TITLE" > ${{ steps.vars.outputs.FILE_NAME }}
- name: Commit Change Log file
run: |
# Set git user email and name to match author of the last commit.
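Review bot: On the added `echo "$TITLE" > ...` line the title no longer reaches the shell parser, but it is still the first argument to `echo`, so a title such as `-n` or `-e ...` can be taken as an option, and backslash sequences may be interpreted depending on the shell. `printf '%s\n' "$TITLE"` writes the title verbatim. The redirect target `${{ steps.vars.outputs.FILE_NAME }}` is still template-expanded and unquoted on the same line; it is built from `github.event.pull_request.number`, so the risk is low, but passing it through `env:` and quoting it would leave no `${{ }}` expression in this `run:` block.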
Expand All @@ -44,4 +49,4 @@ jobs:
git commit --amend --no-edit
- name: Push changes back to branch
run: |
git push --force-with-lease origin HEAD:refs/heads/${{ github.head_ref }}
git push --force-with-lease origin "HEAD:refs/heads/$GITHUB_HEAD_REF"
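Review bot: The new push line depends on `GITHUB_HEAD_REF` being non-empty, and that variable is only populated for `pull_request` and `pull_request_target` events. The workflow trigger is not visible in this hunk; if the job can run on any other event the refspec collapses to `HEAD:refs/heads/`. A step-level `if: github.event_name == 'pull_request'` (as ci-lint.yml uses) or a `${GITHUB_HEAD_REF:?}` expansion would make that failure explicit.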
6 changes: 2 additions & 4 deletions .github/workflows/ci-lint.yml
Expand Up @@ -57,10 +57,8 @@ jobs:
# is able to compare the current branch with the base branch.
# Source: https://github.com/actions/checkout/#fetch-all-branches.
run: |
git fetch --no-tags origin +refs/heads/${BASE_BRANCH}:refs/remotes/origin/${BASE_BRANCH}
towncrier check --compare-with origin/${BASE_BRANCH}
env:
BASE_BRANCH: ${{ github.base_ref }}
git fetch --no-tags origin "+refs/heads/${GITHUB_BASE_REF}:refs/remotes/origin/${GITHUB_BASE_REF}"
towncrier check --compare-with "origin/${GITHUB_BASE_REF}"
if: github.event_name == 'pull_request'
- name: Lint git commits
run: |
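Review bot: The commit message should say that this ci-lint.yml hunk is hardening rather than the injection fix. The removed lines already routed `github.base_ref` through `env:` as `BASE_BRANCH`, so the security-relevant part here is the added double quotes around the refspec and the `--compare-with` argument, not the switch to `GITHUB_BASE_REF`. The title files this under "other changes"; one sentence stating that only ci-dependabot.yml interpolated PR-controlled values into `run:` would help anyone auditing which workflow was exposed.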
