ci: avoid branch name injection (#46524)

vagusX 2023-12-19 11:23:53 +08:00 committed by GitHub
parent 3c2205874c
commit 3825cbca54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 4 deletions


@ -87,8 +87,11 @@ jobs:
# Execute visual regression diff task and zip then # Execute visual regression diff task and zip then
# output as visualRegressionReport.tar.gz # output as visualRegressionReport.tar.gz
- name: visual regression diff - name: visual regression diff
env:
EVENT_NUMBER: ${{ github.event.number }}
BASE_REF: ${{ github.base_ref }}
run: | run: |
npm run visual-regression -- --pr-id=${{ github.event.number }} --base-ref=${{ github.base_ref}} npm run visual-regression -- --pr-id=$EVENT_NUMBER --base-ref=$BASE_REF
# Upload report in `visualRegressionReport` # Upload report in `visualRegressionReport`
- name: upload report artifact - name: upload report artifact
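Review bot: The new `run` line expands `$EVENT_NUMBER` and `$BASE_REF` unquoted, so the shell still applies word splitting and pathname expansion to both values before npm receives them. Passing the values through `env` removes the template-expression injection, and quoting finishes the job: `npm run visual-regression -- --pr-id="$EVENT_NUMBER" --base-ref="$BASE_REF"`. The same applies to `--ref=pr-$PR_ID`, `--ref=$HEAD_SHA` and `--ref=$HEAD_BRANCH` in the other two files of this commit. How the visual-regression script consumes `--base-ref` is not visible here; if it builds a shell command from the value, it needs the same care there.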


@ -92,6 +92,7 @@ jobs:
env: env:
ALI_OSS_AK_ID: ${{ secrets.ALI_OSS_AK_ID }} ALI_OSS_AK_ID: ${{ secrets.ALI_OSS_AK_ID }}
ALI_OSS_AK_SECRET: ${{ secrets.ALI_OSS_AK_SECRET }} ALI_OSS_AK_SECRET: ${{ secrets.ALI_OSS_AK_SECRET }}
PR_ID: ${{ steps.pr.outputs.id }}
run: | run: |
mkdir ./visualRegressionReport mkdir ./visualRegressionReport
tar -xzvf visualRegressionReport.tar.gz -C ./visualRegressionReport tar -xzvf visualRegressionReport.tar.gz -C ./visualRegressionReport
@ -102,7 +103,7 @@ jobs:
echo "✅ Install `ali-oss` Finished" echo "✅ Install `ali-oss` Finished"
echo "🤖 Uploading" echo "🤖 Uploading"
node scripts/visual-regression/upload.js ./visualRegressionReport --ref=pr-${{ steps.pr.outputs.id }} node scripts/visual-regression/upload.js ./visualRegressionReport --ref=pr-$PR_ID
echo "✅ Uploaded" echo "✅ Uploaded"
delimiter="$(openssl rand -hex 8)" delimiter="$(openssl rand -hex 8)"
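Review bot: `PR_ID` is taken from `steps.pr.outputs.id` and used in `--ref=pr-$PR_ID` with no format check, in a step that also holds `ALI_OSS_AK_ID` and `ALI_OSS_AK_SECRET`. The `pr` step is outside these hunks; if its output is read from an artifact produced by the pull-request run, the value is contributor-controlled and should be rejected unless it is all digits, for example with `case "$PR_ID" in ''|*[!0-9]*) echo "invalid PR id" >&2; exit 1;; esac` before the upload. A comment above `PR_ID:` such as `# PR number from the pr step; treat as untrusted input` would record why it is passed through env rather than interpolated.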


@ -90,13 +90,15 @@ jobs:
env: env:
ALI_OSS_AK_ID: ${{ secrets.ALI_OSS_AK_ID }} ALI_OSS_AK_ID: ${{ secrets.ALI_OSS_AK_ID }}
ALI_OSS_AK_SECRET: ${{ secrets.ALI_OSS_AK_SECRET }} ALI_OSS_AK_SECRET: ${{ secrets.ALI_OSS_AK_SECRET }}
HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
run: | run: |
rm package.json rm package.json
npm i ali-oss --no-save npm i ali-oss --no-save
echo "✅ Install `ali-oss` Finished" echo "✅ Install `ali-oss` Finished"
echo "🤖 Uploading" echo "🤖 Uploading"
node scripts/visual-regression/upload.js ./imageSnapshots.tar.gz --ref=${{ github.event.workflow_run.head_sha }} node scripts/visual-regression/upload.js ./imageSnapshots.tar.gz --ref=$HEAD_SHA
node scripts/visual-regression/upload.js ./visual-regression-ref.txt --ref=${{ github.event.workflow_run.head_branch }} node scripts/visual-regression/upload.js ./visual-regression-ref.txt --ref=$HEAD_BRANCH
echo "✅ Uploaded" echo "✅ Uploaded"
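Review bot: `HEAD_BRANCH` comes from `github.event.workflow_run.head_branch`, a name chosen by whoever pushed the triggering branch, and it becomes the upload `--ref` in a step that holds the OSS credentials. `upload.js` is not shown, so it is worth confirming that it validates the ref before deriving a storage key from it; presumably a name containing `/` or `..`, or one equal to an existing ref, should not be able to replace another ref's objects. A comment above the two new env entries such as `# head_sha / head_branch come from the triggering run and are untrusted input` would document the reason for the indirection.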