Replace github.ref with GITHUB_REF in build.yml scripts (#4857)

Data should be separated from code where possible to avoid injection (CWE-78). * https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections * https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables
2024-11-21 12:05:42 +01:00 · 2024-10-17 08:50:31 -07:00 · 2024-10-17 08:50:31 -07:00 · 1fb366d42b
commit 1fb366d42b
parent d6cd73cfcc
1 changed files with 3 additions and 3 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -311,7 +311,7 @@ jobs:
          github.ref == 'refs/heads/hotfix-rc'
        run: |
          # Set proper setup image based on branch
-          case "${{ github.ref }}" in
+          case "$GITHUB_REF" in
            "refs/heads/main")
                SETUP_IMAGE="$_AZ_REGISTRY/setup:dev"
                ;;
@ -528,9 +528,9 @@ jobs:
              workflow_id: 'build-unified.yml',
              ref: 'main',
              inputs: {
-                server_branch: '${{ github.ref }}'
+                server_branch: process.env.GITHUB_REF
              }
-            })
+            });

  trigger-k8s-deploy:
    name: Trigger k8s deploy