ci: fix github workflow vulnerable to script injection (#21304)

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Diogo Teles Sant'Anna 2024-08-15 10:48:50 -03:00 committed by GitHub
parent 55a60856de
commit adf5d1b3bb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -4,6 +4,9 @@ on: pull_request
permissions:
pull-requests: write
env:
PR_TITLE: ${{ github.event.pull_request.title }}
jobs:
update-all:
runs-on: ubuntu-latest
@ -25,8 +28,8 @@ jobs:
# Extract the dependency name from the PR title
# Example: "build(deps): Bump github.com/cosmos/cosmos-sdk from 0.46.0 to 0.47.0"
# Extracts "github.com/cosmos/cosmos-sdk" and "0.47.0"
echo "name=$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 3)" >> $GITHUB_OUTPUT
echo "version=$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 7)" >> $GITHUB_OUTPUT
echo "name=$(echo "$PR_TITLE" | cut -d ' ' -f 3)" >> $GITHUB_OUTPUT
echo "version=$(echo "$PR_TITLE" | cut -d ' ' -f 7)" >> $GITHUB_OUTPUT
- name: Update all Go modules
run: |
./scripts/go-update-dep-all.sh ${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }}
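Review bot: The `Update all Go modules` step at the end of this section still expands `${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }}` directly inside `run:`, and both outputs are cut from the PR title, so title-derived text is still substituted into the script source before the shell parses it. Moving the title into `PR_TITLE` protects only the two `echo` lines. The same pattern is needed here: a step-level `env:` entry `DEP: ${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }}` and the call `./scripts/go-update-dep-all.sh "$DEP"`. It would also help to reject a name or version that does not match the expected module-path and version shape before writing it to `"$GITHUB_OUTPUT"`. The step may continue past the last visible line.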