1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

chore: avoids code injection through git commit (#4147)

## About the changes
Avoids code injection via the committer name or email

Also removes pushing to s3 on `main` folder as it's not used and we're
already pushing to `commits` folder
This commit is contained in:
Gastón Fournier 2023-07-05 13:35:12 +02:00 committed by GitHub
parent 321265e0ed
commit 1f7a948f6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 9 deletions

View File

@ -46,11 +46,3 @@ jobs:
CI: true
TEST_DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres
DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Publish static assets to S3
run: |
aws s3 cp frontend/build s3://getunleash-static/unleash/main/$(git rev-parse HEAD) --recursive

View File

@ -26,6 +26,8 @@ jobs:
- uses: actions/checkout@v3
- name: Trigger sync
uses: actions/github-script@v6
env:
COMMIT_ACTOR: ${{ github.event.commits[0].author.name }} <${{ github.event.commits[0].author.email }}>
with:
github-token: ${{ secrets.UNLEASH_CI_BUILDER_GITHUB_TOKEN }}
script: |
@ -36,7 +38,7 @@ jobs:
ref: 'master',
inputs: {
commit: "${{ github.event.head_commit.id }}",
actor: "${{ github.event.commits[0].author.name }} <${{ github.event.commits[0].author.email }}>",
actor: "${{ env.COMMIT_ACTOR }}",
message: ${{ toJSON(github.event.head_commit.message) }},
}
})