Fix CI command injection vulnerability
See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
This commit is contained in:
Stypox
parent
417b66f912
commit
1df8a59aa4
1 changed files with 3 additions and 1 deletions
4
.github/workflows/ci.yml
vendored
4
.github/workflows/ci.yml
vendored
|
|
@ -42,7 +42,9 @@ jobs:
|
|||
- name: create and checkout branch
|
||||
# push events already checked out the branch
|
||||
if: github.event_name == 'pull_request'
|
||||
run: git checkout -B ${{ github.head_ref }}
|
||||
env:
|
||||
BRANCH: ${{ github.head_ref }}
|
||||
run: git checkout -B "$BRANCH"
|
||||
|
||||
- name: set up JDK 17
|
||||
uses: actions/setup-java@v3
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue