chore: avoids code injection through git commit (#4147)

## About the changes Avoids code injection via the committer name or email Also removes pushing to s3 on `main` folder as it's not used and we're already pushing to `commits` folder
2025-10-27 11:02:16 +01:00 · 2023-07-05 13:35:12 +02:00 · 2023-07-05 13:35:12 +02:00 · 1f7a948f6d
commit 1f7a948f6d
parent 321265e0ed
2 changed files with 3 additions and 9 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -46,11 +46,3 @@ jobs:
          CI: true
          TEST_DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres
          DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres
-      - uses: aws-actions/configure-aws-credentials@v2
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-      - name: Publish static assets to S3
-        run: |
-          aws s3 cp frontend/build s3://getunleash-static/unleash/main/$(git rev-parse HEAD) --recursive
--- a/.github/workflows/notify_enterprise.yaml
+++ b/.github/workflows/notify_enterprise.yaml
@ -26,6 +26,8 @@ jobs:
      - uses: actions/checkout@v3
      - name: Trigger sync
        uses: actions/github-script@v6
+        env:
+          COMMIT_ACTOR: ${{ github.event.commits[0].author.name }} <${{ github.event.commits[0].author.email }}>
        with:
          github-token: ${{ secrets.UNLEASH_CI_BUILDER_GITHUB_TOKEN }}
          script: |
@ -36,7 +38,7 @@ jobs:
              ref: 'master',
              inputs: {
                 commit: "${{ github.event.head_commit.id }}",
-                 actor: "${{ github.event.commits[0].author.name }} <${{ github.event.commits[0].author.email }}>",
+                 actor: "${{ env.COMMIT_ACTOR }}",
                 message: ${{ toJSON(github.event.head_commit.message) }},
              }
            })