This is an automated email from the ASF dual-hosted git repository.
pcongiusti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new c89abb4ac3f9 fix(ci): don't allow injection
c89abb4ac3f9 is described below
commit c89abb4ac3f9a1498dd40634af5a6f3af4af982b
Author: Pasquale Congiusti <[email protected]>
AuthorDate: Mon Oct 6 10:06:19 2025 +0200
fix(ci): don't allow injection
---
.github/actions/incremental-build/action.yaml | 7 +++++--
.github/actions/install-mvnd/action.yml | 15 ++++++++++++---
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/.github/actions/incremental-build/action.yaml
b/.github/actions/incremental-build/action.yaml
index 69bdcd280c0f..0166f9d3aad1 100644
--- a/.github/actions/incremental-build/action.yaml
+++ b/.github/actions/incremental-build/action.yaml
@@ -47,10 +47,13 @@ runs:
with:
dry-run: ${{ inputs.skip-mvnd-install }}
- name: maven build
- shell: bash
- run: ${{ github.action_path }}/incremental-build.sh ${{
steps.install-mvnd.outputs.mvnd-dir }}/mvnd ${{ inputs.mode }} ${{ inputs.pr-id
}} ${{ inputs.github-repo }}
env:
GITHUB_TOKEN: ${{ inputs.github-token }}
+ MODE: ${{ inputs.mode }}
+ PR_ID: ${{ inputs.pr-id }}
+ GITHUB_REPO: ${{ inputs.github-repo }}
+ shell: bash
+ run: ${{ github.action_path }}/incremental-build.sh ${{
steps.install-mvnd.outputs.mvnd-dir }}/mvnd $MODE $PR_ID $GITHUB_REPO
- name: archive logs
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #
v4.6.2
if: always()
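Review bot: The new `run:` line of the `maven build` step still expands `${{ steps.install-mvnd.outputs.mvnd-dir }}` into the script text. That output is assembled from `inputs.version` and `inputs.distribution` in install-mvnd's `mvnd-location` step, so those two inputs can still reach the shell as code through this path. Pass it through the environment like the other values: add `MVND_DIR: ${{ steps.install-mvnd.outputs.mvnd-dir }}` under `env:` and run `"$GITHUB_ACTION_PATH/incremental-build.sh" "$MVND_DIR/mvnd" "$MODE" "$PR_ID" "$GITHUB_REPO"`. The quotes matter as well, because unquoted `$MODE $PR_ID $GITHUB_REPO` are word-split and glob-expanded, and an empty value shifts the later positional arguments. incremental-build.sh is not visible here, so confirm it accepts an empty quoted argument before quoting.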
diff --git a/.github/actions/install-mvnd/action.yml
b/.github/actions/install-mvnd/action.yml
index da7919895956..e2ac5e482f1f 100644
--- a/.github/actions/install-mvnd/action.yml
+++ b/.github/actions/install-mvnd/action.yml
@@ -37,12 +37,18 @@ outputs:
runs:
using: "composite"
steps:
- - run: curl -fsSL -o mvnd.zip https://downloads.apache.org/maven/mvnd/${{
inputs.version }}/maven-mvnd-${{ inputs.version }}-${{ inputs.distribution
}}.zip
+ - run: curl -fsSL -o mvnd.zip
https://downloads.apache.org/maven/mvnd/$VERSION/maven-mvnd-$VERSION-$DISTRIBUTION.zip
if: inputs.dry-run == 'false'
shell: bash
- - run: curl -fsSL -o mvnd.zip.sha256
https://downloads.apache.org/maven/mvnd/${{ inputs.version }}/maven-mvnd-${{
inputs.version }}-${{ inputs.distribution }}.zip.sha256
+ env:
+ VERSION: ${{ inputs.version }}
+ DISTRIBUTION: ${{ inputs.distribution }}
+ - run: curl -fsSL -o mvnd.zip.sha256
https://downloads.apache.org/maven/mvnd/$VERSION/maven-mvnd-$VERSION-$DISTRIBUTION.zip.sha256
if: inputs.dry-run == 'false'
shell: bash
+ env:
+ VERSION: ${{ inputs.version }}
+ DISTRIBUTION: ${{ inputs.distribution }}
- id: integrity-check
run: echo "$(cat mvnd.zip.sha256) mvnd.zip" | sha256sum --check
if: inputs.dry-run == 'false'
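Review bot: In both rewritten `curl` steps the URL is built from unquoted `$VERSION` and `$DISTRIBUTION`, so a value containing whitespace or glob characters is split into extra `curl` arguments rather than staying part of the URL. Quote the whole URL, e.g. `curl -fsSL -o mvnd.zip "https://downloads.apache.org/maven/mvnd/$VERSION/maven-mvnd-$VERSION-$DISTRIBUTION.zip"`, and likewise for the `.sha256` download. A short comment on the first `env:` block, such as `# inputs go through env so they are never expanded into the script text`, would keep a later edit from reintroducing the `${{ }}` form.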
@@ -51,8 +57,11 @@ runs:
if: inputs.dry-run == 'false'
shell: bash
- id: mvnd-location
- run: echo "mvnd-dir=/tmp/maven-mvnd-${{ inputs.version }}-${{
inputs.distribution }}/bin" >> $GITHUB_OUTPUT
+ run: echo "mvnd-dir=/tmp/maven-mvnd-$VERSION-$DISTRIBUTION/bin" >>
$GITHUB_OUTPUT
shell: bash
+ env:
+ VERSION: ${{ inputs.version }}
+ DISTRIBUTION: ${{ inputs.distribution }}
- id: mvnd-opts
run: echo "MVND_OPTS=-P apache-snapshots -V -e -ntp -Dmvnd.threads=2
-Daether.connector.http.connectionMaxTtl=120
-Daether.connector.requestTimeout=300000 -Daether.dependencyCollector.impl=bf
-Dmaven.artifact.threads=25 -Dci.env.name=github.com
-Dsurefire.rerunFailingTestsCount=2 -Dfailsafe.rerunFailingTestsCount=2" >>
$GITHUB_ENV
shell: bash
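Review bot: The `mvnd-location` step writes `$VERSION` and `$DISTRIBUTION` to `$GITHUB_OUTPUT` without checking their shape. A value that contains a newline would presumably add further `name=value` lines to the output file, and the resulting `mvnd-dir` is consumed by the incremental-build action. Rejecting unexpected characters before the `echo` closes this, for example `[[ "$VERSION$DISTRIBUTION" =~ ^[0-9A-Za-z._-]+$ ]] || exit 1` (suggested pattern, adjust to the real version scheme). Quoting the redirect target as `>> "$GITHUB_OUTPUT"` is the usual form too.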