diff options
| author |  Fred K. Schott <fkschott@gmail.com>
| 2022-02-14 10:43:12 -0800 |
|---|---|---|
| committer | Fred K. Schott <fkschott@gmail.com>
| 2022-02-14 10:43:12 -0800 |
| commit | 650fb1aa51a1c843c10bc89a11732b45a6345b00 (patch) | |
| tree | c80b517ed6eb75f33ea6d943202011086cb16297 | |
| parent | f84848226d9aa0876a854e5195184925cc793781 (diff) | |
| download | astro-650fb1aa51a1c843c10bc89a11732b45a6345b00.tar.gz astro-650fb1aa51a1c843c10bc89a11732b45a6345b00.tar.zst astro-650fb1aa51a1c843c10bc89a11732b45a6345b00.zip | |
fix security issue: untrusted ci output
| -rw-r--r-- | .github/workflows/issue.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/main.yml | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index e1696570f..df36439f5 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -12,8 +12,6 @@ jobs: runs-on: ubuntu-latest name: Auto-assign new issues to projects steps: - - run: echo "${{github.event.issue.title}}" - - name: Assign Bugs to the Bug Tracker uses: srggrs/assign-one-project-github-action@1.2.1 if: github.event.action == 'opened' && startsWith(github.event.issue.title, '🐛 BUG:') diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3dc03bf20..e92f0c627 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,8 +20,10 @@ jobs: runs-on: ubuntu-latest steps: - id: setup + env: + MESSAGE: ${{ github.event.commits[0].message }} run: | - TRIMMED=$(echo "${{ github.event.commits[0].message }}" | sed '1!d;q') + TRIMMED=$(echo "$MESSAGE" | sed '1!d;q') echo "::set-output name=COMMIT_MSG::${TRIMMED}" - name: Send a Discord notification when a PR is merged env: |