(camel) 01/01: (chores) ci: fix vulnerability by using directly referenced action

Mon, 27 May 2024 08:39:16 -0700 

This is an automated email from the ASF dual-hosted git repository.

nfilotto pushed a commit to branch essobedo/fix-rce-in-comment-action
in repository https://gitbox.apache.org/repos/asf/camel.git

commit e9aa1728803565f53b09f5036b8d25a0d47877f2
Author: Nicolas Filotto <[email protected]>
AuthorDate: Mon May 27 17:38:40 2024 +0200

    (chores) ci: fix vulnerability by using directly referenced action
---
 .github/actions/component-test/action.yaml | 4 ++--
 .github/workflows/pr-comment.yml           | 2 +-
 .gitmodules                                | 3 ---
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/.github/actions/component-test/action.yaml 
b/.github/actions/component-test/action.yaml
index 4c1b456d1d5..ddbd53b4bb6 100644
--- a/.github/actions/component-test/action.yaml
+++ b/.github/actions/component-test/action.yaml
@@ -65,7 +65,7 @@ runs:
         path: tests.log
     - name: Success comment
       if: success() 
-      uses: ./.github/actions/create-or-update-comment
+      uses: peter-evans/create-or-update-comment@v3
       with:
         comment-id: ${{ inputs.comment-id }}
         edit-mode: replace
@@ -75,7 +75,7 @@ runs:
           **Result** :white_check_mark: The tests passed successfully
     - name: Failure comment
       if: failure() 
-      uses: ./.github/actions/create-or-update-comment
+      uses: peter-evans/create-or-update-comment@v3
       with:
         comment-id: ${{ inputs.comment-id }}
         edit-mode: replace
diff --git a/.github/workflows/pr-comment.yml b/.github/workflows/pr-comment.yml
index a1fbb7e743f..4c41152a19e 100644
--- a/.github/workflows/pr-comment.yml
+++ b/.github/workflows/pr-comment.yml
@@ -47,7 +47,7 @@ jobs:
         with:
           ref: ${{ env.pr_sha }}
           submodules: recursive
-      - uses: ./.github/actions/create-or-update-comment
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           issue-number: ${{ github.event.issue.number }}
           body: |
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index e10cc9959c1..00000000000
--- a/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule ".github/actions/create-or-update-comment"]
-       path = .github/actions/create-or-update-comment
-       url = https://github.com/peter-evans/create-or-update-comment.git

Reply via email to