fix: sonar security issues related to input injection (#2114)

spaenleh · web-flow · commit 3033a72610c2 · 2026-04-29T10:21:19.000+02:00
diff --git a/.github/actions/build-images/action.yml b/.github/actions/build-images/action.yml
@@ -25,11 +25,15 @@ runs:
         aws-region: ${{ inputs.aws-region }}
 
     - name: Auth to the ECR
-      run: bash ./docker/auth.sh ${{ inputs.aws-ecr-uri }} ${{ inputs.aws-region }}
+      env:
+        AWS_ECR_URI: ${{ inputs.aws-ecr-uri }}
+        AWS_REGION: ${{ inputs.aws-region }}
+      run: bash ./docker/auth.sh $AWS_ECR_URI $AWS_REGION
       shell: bash
 
     - name: Build and push the images
       env:
         TAG: ${{ inputs.tag }}
-      run: bash ./docker/build.sh ${{ inputs.aws-ecr-uri }} $TAG
+        AWS_ECR_URI: ${{ inputs.aws-ecr-uri }}
+      run: bash ./docker/build.sh $AWS_ECR_URI $TAG
       shell: bash
