
Commit d51ece3

committed
chore: mitigate potential template injection
See https://docs.zizmor.sh/audits/#template-injection
1 parent c32d93c commit d51ece3

1 file changed

Lines changed: 12 additions & 6 deletions


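--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -28,10 +28,12 @@ jobs:
 
 - name: Get Version
 id: vars
-run: echo ::set-output name=version::$(echo ${{github.ref_name}} | sed 's/^v//')
+run: echo ::set-output name=version::$(echo ${GITHUB_REF_NAME} | sed 's/^v//')
 
 - name: Build JSR
-run: deno task build:jsr ${{steps.vars.outputs.version}}
+run: deno task build:jsr ${STEPS_VARS_OUTPUTS_VERSION}
+env:
+STEPS_VARS_OUTPUTS_VERSION: ${{steps.vars.outputs.version}}
 
 - name: dry run publish
 run: deno publish --dry-run --allow-dirty
@@ -55,7 +57,7 @@ jobs:
 
 - name: Get Version
 id: vars
-run: echo ::set-output name=version::$(echo ${{github.ref_name}} | sed 's/^v//')
+run: echo ::set-output name=version::$(echo ${GITHUB_REF_NAME} | sed 's/^v//')
 
 - name: Setup Node
 uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -65,7 +67,9 @@ jobs:
 cache: ''
 
 - name: Build NPM
-run: deno task build:npm ${{steps.vars.outputs.version}}
+run: deno task build:npm ${STEPS_VARS_OUTPUTS_VERSION}
+env:
+STEPS_VARS_OUTPUTS_VERSION: ${{steps.vars.outputs.version}}
 
 - name: dry run publish
 run: npm publish --dry-run --tag=verify
@@ -126,10 +130,12 @@ jobs:
 
 - name: Get Version
 id: vars
-run: echo ::set-output name=version::$(echo ${{github.ref_name}} | sed 's/^v//')
+run: echo ::set-output name=version::$(echo ${GITHUB_REF_NAME} | sed 's/^v//')
 
 - name: Build JSR
-run: deno task build:jsr ${{steps.vars.outputs.version}}
+run: deno task build:jsr ${STEPS_VARS_OUTPUTS_VERSION}
+env:
+STEPS_VARS_OUTPUTS_VERSION: ${{steps.vars.outputs.version}}
 
 - name: Publish JSR
 run: deno publish --allow-dirty --token=${{ secrets.JSR_TOKEN }}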
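Review bot: The three `Get Version` steps (new lines 31, 60 and 133) still publish the step output through the deprecated `::set-output` workflow command and expand `${GITHUB_REF_NAME}` unquoted, so the ref name is still echoed to stdout, where the runner parses workflow commands. Writing to the output file removes both concerns and drops the `sed` subshell: `run: echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT"`. The build steps should quote their expansion as well, e.g. `run: deno task build:jsr "${STEPS_VARS_OUTPUTS_VERSION}"`, so the value always reaches the task as a single argument. The `Publish JSR` step at the end of the last hunk still interpolates `${{ secrets.JSR_TOKEN }}` directly into its `run:` line; routing it through `env:` like the other steps (`--token="${JSR_TOKEN}"`) would keep the workflow consistent, assuming the same audit is meant to cover it.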
