(FIX): CI Security Fix - branchname injection

huggingface · Jan 29, 2025 · 8aea930 · 8aea930
1 parent 13dddbd
commit 8aea930
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -31,8 +31,10 @@ jobs:
         uses: actions/checkout@v3
 
       - id: set-matrix
+        env:
+          GITHUB_REF: ${{ github.ref }}
         run: |
-          branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g')
+          branchName=$(echo $GITHUB_REF | sed 's,refs/heads/,,g')
           matrix=$(jq --arg branchName "$branchName" 'map(. | select((.runOn==$branchName) or (.runOn=="always")) )' .github/workflows/matrix.json)
           echo "{\"include\":$(echo $matrix)}"
           echo ::set-output name=matrix::{\"include\":$(echo $matrix)}\"