mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
chore: avoids code injection through git commit (#4147)
## About the changes Avoids code injection via the committer name or email Also removes pushing to s3 on `main` folder as it's not used and we're already pushing to `commits` folder
This commit is contained in:
parent
321265e0ed
commit
1f7a948f6d
8
.github/workflows/build.yaml
vendored
8
.github/workflows/build.yaml
vendored
@ -46,11 +46,3 @@ jobs:
|
||||
CI: true
|
||||
TEST_DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres
|
||||
DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres
|
||||
- uses: aws-actions/configure-aws-credentials@v2
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
|
||||
- name: Publish static assets to S3
|
||||
run: |
|
||||
aws s3 cp frontend/build s3://getunleash-static/unleash/main/$(git rev-parse HEAD) --recursive
|
||||
|
4
.github/workflows/notify_enterprise.yaml
vendored
4
.github/workflows/notify_enterprise.yaml
vendored
@ -26,6 +26,8 @@ jobs:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Trigger sync
|
||||
uses: actions/github-script@v6
|
||||
env:
|
||||
COMMIT_ACTOR: ${{ github.event.commits[0].author.name }} <${{ github.event.commits[0].author.email }}>
|
||||
with:
|
||||
github-token: ${{ secrets.UNLEASH_CI_BUILDER_GITHUB_TOKEN }}
|
||||
script: |
|
||||
@ -36,7 +38,7 @@ jobs:
|
||||
ref: 'master',
|
||||
inputs: {
|
||||
commit: "${{ github.event.head_commit.id }}",
|
||||
actor: "${{ github.event.commits[0].author.name }} <${{ github.event.commits[0].author.email }}>",
|
||||
actor: "${{ env.COMMIT_ACTOR }}",
|
||||
message: ${{ toJSON(github.event.head_commit.message) }},
|
||||
}
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user