Re: [PR] chore(ci): resolve remaining GitHub Actions static-analysis findings [superset]

Sat, 30 May 2026 10:33:42 -0700 


rusackas commented on code in PR #40556:
URL: https://github.com/apache/superset/pull/40556#discussion_r3329074960


##########
.github/workflows/ephemeral-env.yml:
##########
@@ -319,12 +321,16 @@ jobs:
           INPUT_ISSUE_NUMBER: ${{ github.event.inputs.issue_number || 
github.event.pull_request.number }}
       - name: Get network interface
         id: get-eni
+        env:
+          TASK_ARN: ${{ steps.list-tasks.outputs.task }}
         run: |
-          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ 
steps.list-tasks.outputs.task }} | jq '.tasks[0].attachments[0].details | 
map(select(.name=="networkInterfaceId"))[0].value')" >> $GITHUB_OUTPUT
+          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks 
"$TASK_ARN" | jq '.tasks[0].attachments[0].details | 
map(select(.name=="networkInterfaceId"))[0].value')" >> $GITHUB_OUTPUT
       - name: Get public IP
         id: get-ip
+        env:
+          ENI_ID: ${{ steps.get-eni.outputs.eni }}
         run: |
-          echo "ip=$(aws ec2 describe-network-interfaces 
--network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r 
'.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
+          echo "ip=$(aws ec2 describe-network-interfaces 
--network-interface-ids "$ENI_ID" | jq -r '.NetworkInterfaces | first | 
.Association.PublicIp')" >> $GITHUB_OUTPUT

Review Comment:
   This comment references `steps.list-tasks.outputs.task` and 
`steps.get-eni.outputs.eni` from `ephemeral-env.yml`, but that file is not 
touched by this PR at all. The PR only modifies workflow files to move inline 
context expressions into step `env:` blocks for zizmor hardening — none of 
which involve those specific steps. The concern doesn't apply here.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to