From 8aea930151c711b5d9789e535d60301906ee169c Mon Sep 17 00:00:00 2001
From: Guillaume LEGENDRE
Date: Wed, 29 Jan 2025 10:35:53 +0100
Subject: [PATCH] (FIX): CI Security Fix - branchname injection
---
 .github/workflows/build.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 8a2880a8..fa0f95f5 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -31,8 +31,10 @@ jobs:
 uses: actions/checkout@v3
 - id: set-matrix
+ env:
+ GITHUB_REF: ${{ github.ref }}
 run: |
- branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g')
+ branchName=$(echo $GITHUB_REF | sed 's,refs/heads/,,g')
 matrix=$(jq --arg branchName "$branchName" 'map(. | select((.runOn==$branchName) or (.runOn=="always")) )' .github/workflows/matrix.json)
 echo "{\"include\":$(echo $matrix)}"
 echo ::set-output name=matrix::{\"include\":$(echo $matrix)}\"
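Review bot: The new `branchName=` line expands `$GITHUB_REF` unquoted, so the shell still applies word splitting and pathname expansion to the ref before `echo` receives it. Moving the expression into `env:` does stop the ref from being parsed as script text, but the expansion should be quoted to finish the job: `branchName=$(printf '%s\n' "$GITHUB_REF" | sed 's,refs/heads/,,g')`. Separately, `GITHUB_REF` is already a default runner variable, and GitHub documents that `GITHUB_*` defaults cannot be overridden, so the added `env:` entry is probably a no-op. A distinct name such as `REF: ${{ github.ref }}` would make the data flow explicit and would not depend on the default being present. The step's `run:` block may continue past the end of the hunk, so any later uses of the ref are not covered here.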