This is an automated email from the ASF dual-hosted git repository.

tiagobento pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-tools.git


The following commit(s) were added to refs/heads/main by this push:
     new 7a29f561577 NO-ISSUE: Fix CodeQL expression injection in GitHub Actions workflows (#2150)
7a29f561577 is described below

commit 7a29f56157710bf74bd0699edee5f8df8bbf7cc5
Author: Rodrigo Antunes <[email protected]>
AuthorDate: Thu Feb 8 15:17:11 2024 -0300

    NO-ISSUE: Fix CodeQL expression injection in GitHub Actions workflows (#2150)
---
 .github/actions/checkout-pr/action.yml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/.github/actions/checkout-pr/action.yml 
b/.github/actions/checkout-pr/action.yml
index 400b00ecfc1..a27d045f842 100644
--- a/.github/actions/checkout-pr/action.yml
+++ b/.github/actions/checkout-pr/action.yml
@@ -38,21 +38,25 @@ runs:
     - name: "Merge PR changes (squashed)"
       id: merge_changes
       shell: bash
+      env:
+        PR_HEAD_REPO_NAME: ${{ github.event.pull_request.head.repo.name }}
+        PR_HEAD_LABEL: ${{ github.event.pull_request.head.label }}
+        HEAD_REF: ${{ github.head_ref  }}
       run: |
         echo "STEP: Merge PR changes (squashed)"
         cd ${{ inputs.path }}
         if [ ${{ github.event.pull_request }} ]; then
-          user=$(node -e "console.log('${{ 
github.event.pull_request.head.label }}'.match(/(.+)\:(.+)$/)[1])")
-
-          echo "Merge changes from $user/${{ github.head_ref }}"
-          git remote add $user https://github.com/$user/${{ 
github.event.pull_request.head.repo.name }}.git
-          git fetch $user ${{ github.head_ref }}
+          USER=$(node -e 
"console.log('$PR_HEAD_LABEL'.match(/(.+)\:(.+)$/)[1])")
 
+          echo "Merge changes from $USER/$HEAD_REF"
+          git remote add $USER https://github.com/$USER/$PR_HEAD_REPO_NAME.git
+          git fetch $USER $HEAD_REF
+          
           echo "Before merging..."
           git log -n 1
           echo "base_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
 
-          git merge --squash $user/${{ github.head_ref }}
+          git merge --squash $USER/$HEAD_REF
           git commit --no-edit
 
           echo "After merging..."
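
Review bot: the new `USER=$(node -e "console.log('$PR_HEAD_LABEL'...` line still builds JavaScript source from the PR head label. The shell expands `$PR_HEAD_LABEL` inside the double-quoted `node -e` argument before node runs, so the value is parsed as code rather than handled as data. Read it inside node as `process.env.PR_HEAD_LABEL`, or drop node and use a shell parameter expansion such as `${PR_HEAD_LABEL%:*}`. The new variables are also unquoted in `git remote add`, `git fetch` and `git merge --squash`, so they are subject to word splitting and globbing; quote each use. Assigning to `USER` shadows the standard login-name variable for the rest of the step, and a name like `PR_USER` avoids that. The unchanged lines `cd ${{ inputs.path }}` and `if [ ${{ github.event.pull_request }} ]` still interpolate expressions directly into the script and could move into `env:` the same way.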

