marco/plugin-barman-cloud
1
0
Fork 0
mirror of https://github.com/cloudnative-pg/plugin-barman-cloud.git synced 2026-03-09 12:12:21 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(security): harden GitHub Actions workflows against expression injection

Browse Source 
Move ${{ }} expressions from run: blocks into step-level env: blocks,
then reference them as properly-quoted shell variables.

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
This commit is contained in:
Marco Nenciarini 2026-03-03 18:25:22 +01:00
parent f12c978732
commit a15e2dcd07
No known key found for this signature in database
GPG Key ID: 589F03F01BA55038
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/release-please.yml vendored
View File

@ -51,10 +51,12 @@ jobs:
# We use a GitHub token with write permissions to create the release,
# otherwise we won't be able to trigger a new run when pushing on main.
- name: Run release-please
env:
REPO_URL: ${{ github.repository }}
run: |
npx release-please release-pr \
--token="${{ secrets.REPO_PAT }}" \
--repo-url="${{ github.repository }}"
--repo-url="${REPO_URL}"
npx release-please github-release \
--token="${{ secrets.REPO_PAT }}" \
--repo-url="${{ github.repository }}"
--repo-url="${REPO_URL}"