
Commit 4e92eaa

committed
harden shell quoting
Signed-off-by: tdruez <tdruez@aboutcode.org>
1 parent 0dd36d5 commit 4e92eaa


1 file changed

+11
-11
lines changed


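--- a/action.yml
+++ b/action.yml
@@ -62,23 +62,23 @@ runs:
 env:
 INPUT_PROJECT_NAME: ${{ inputs.project-name }}
 run: |
-echo "SECRET_KEY=$(openssl rand -base64 32)" >> $GITHUB_ENV
-echo "SCANCODEIO_DB_NAME=scancodeio" >> $GITHUB_ENV
-echo "SCANCODEIO_DB_USER=scancodeio" >> $GITHUB_ENV
-echo "SCANCODEIO_DB_PASSWORD=scancodeio" >> $GITHUB_ENV
+echo "SECRET_KEY=$(openssl rand -base64 32)" >> "$GITHUB_ENV"
+echo "SCANCODEIO_DB_NAME=scancodeio" >> "$GITHUB_ENV"
+echo "SCANCODEIO_DB_USER=scancodeio" >> "$GITHUB_ENV"
+echo "SCANCODEIO_DB_PASSWORD=scancodeio" >> "$GITHUB_ENV"
 # Sanitize project name for artifact usage
 SAFE_PROJECT_NAME="${INPUT_PROJECT_NAME//[^a-zA-Z0-9._-]/_}"
-echo "SAFE_PROJECT_NAME=$SAFE_PROJECT_NAME" >> $GITHUB_ENV
+echo "SAFE_PROJECT_NAME=$SAFE_PROJECT_NAME" >> "$GITHUB_ENV"
 
 - name: Detect if ScanCode.io is already installed
 shell: bash
 run: |
 if command -v scanpipe &> /dev/null; then
 echo "ScanCode.io already installed."
-echo "SCANCODEIO_IS_INSTALLED=true" >> $GITHUB_ENV
+echo "SCANCODEIO_IS_INSTALLED=true" >> "$GITHUB_ENV"
 else
 echo "ScanCode.io not found."
-echo "SCANCODEIO_IS_INSTALLED=false" >> $GITHUB_ENV
+echo "SCANCODEIO_IS_INSTALLED=false" >> "$GITHUB_ENV"
 fi
 
 - name: Start and setup the PostgreSQL service
@@ -101,7 +101,7 @@ runs:
 if [ -n "$TRIMMED_EXTRAS" ]; then
 SCANCODEIO_PIP_PACKAGE_ARG+="[$TRIMMED_EXTRAS]"
 fi
-echo "SCANCODEIO_PIP_PACKAGE_ARG=${SCANCODEIO_PIP_PACKAGE_ARG}" >> $GITHUB_ENV
+echo "SCANCODEIO_PIP_PACKAGE_ARG=${SCANCODEIO_PIP_PACKAGE_ARG}" >> "$GITHUB_ENV"
 
 - name: Install ScanCode.io (only if not already installed)
 if: env.SCANCODEIO_IS_INSTALLED != 'true'
@@ -132,7 +132,7 @@ runs:
 for pipeline in "${PIPELINES[@]}"; do
 PIPELINE_CLI_ARGS+=" --pipeline $pipeline"
 done
-echo "PIPELINE_CLI_ARGS=${PIPELINE_CLI_ARGS}" >> $GITHUB_ENV
+echo "PIPELINE_CLI_ARGS=${PIPELINE_CLI_ARGS}" >> "$GITHUB_ENV"
 
 - name: Generate `--input-url` CLI arguments
 shell: bash
@@ -147,7 +147,7 @@ runs:
 echo "::warning::Skipping unsupported URL scheme: $url"
 fi
 done
-echo "INPUT_URL_CLI_ARGS=${INPUT_URL_CLI_ARGS}" >> $GITHUB_ENV
+echo "INPUT_URL_CLI_ARGS=${INPUT_URL_CLI_ARGS}" >> "$GITHUB_ENV"
 
 - name: Create project
 shell: bash
@@ -165,7 +165,7 @@ runs:
 run: |
 project_status=$(scanpipe status --project "$INPUT_PROJECT_NAME")
 work_directory=$(echo "$project_status" | grep -oP 'Work directory:\s*\K[^\n]+')
-echo "PROJECT_WORK_DIRECTORY=$work_directory" >> $GITHUB_ENV
+echo "PROJECT_WORK_DIRECTORY=$work_directory" >> "$GITHUB_ENV"
 
 - name: Copy input files to project work directory
 if: ${{ !inputs.input-urls }}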
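Review bot: The new `echo "PROJECT_WORK_DIRECTORY=$work_directory" >> "$GITHUB_ENV"` line in the last hunk still writes an unvalidated value into `GITHUB_ENV`, which is parsed line by line, so a value containing a newline would define extra environment variables for every later step; quoting `$GITHUB_ENV` fixes word splitting on the file path, not this. `work_directory` is taken from `scanpipe status` output with `grep -o`, which emits one line per match, and that command is fed the raw `$INPUT_PROJECT_NAME` rather than the sanitized `SAFE_PROJECT_NAME` from the first hunk, so whether a crafted name can reach the exported value depends on the status output format, which is not visible here. The safer idiom is the delimiter form GitHub documents for multi-line values, e.g. `delim="ghadelim_$(openssl rand -hex 8)"` followed by `printf '%s<<%s\n%s\n%s\n' PROJECT_WORK_DIRECTORY "$delim" "$work_directory" "$delim" >> "$GITHUB_ENV"`, and it is worth failing the step when `work_directory` is empty instead of exporting an empty path for the copy step that follows. The same consideration applies to `PIPELINE_CLI_ARGS` and `INPUT_URL_CLI_ARGS` in the third and fourth hunks, which accumulate caller-supplied `$pipeline` and `$url` values whose construction lies above each hunk. The step that owns the last `run:` block starts before the hunk.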
