Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00
Code Issues Projects Releases Wiki Activity

Replace github.ref with GITHUB_REF in build.yml scripts (#4857)

Browse Source 
Data should be separated from code where possible to avoid injection (CWE-78).

* https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections
* https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables
This commit is contained in:
AJ 2024-10-17 08:50:31 -07:00 committed by GitHub
parent d6cd73cfcc
commit 1fb366d42b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/build.yml vendored
View File

@ -311,7 +311,7 @@ jobs:
github.ref == 'refs/heads/hotfix-rc' github.ref == 'refs/heads/hotfix-rc'
run: | run: |
# Set proper setup image based on branch # Set proper setup image based on branch
case "${{ github.ref }}" in case "$GITHUB_REF" in
"refs/heads/main") "refs/heads/main")
SETUP_IMAGE="$_AZ_REGISTRY/setup:dev" SETUP_IMAGE="$_AZ_REGISTRY/setup:dev"
;; ;;
@ -528,9 +528,9 @@ jobs:
workflow_id: 'build-unified.yml', workflow_id: 'build-unified.yml',
ref: 'main', ref: 'main',
inputs: { inputs: {
server_branch: '${{ github.ref }}' server_branch: process.env.GITHUB_REF
} }
}) });
trigger-k8s-deploy: trigger-k8s-deploy:
name: Trigger k8s deploy name: Trigger k8s deploy