workflows/vendor-version: fix template-injection warnings

Fixes https://github.com/Homebrew/brew/security/code-scanning/40
Fixes https://github.com/Homebrew/brew/security/code-scanning/41
Carlo Cabrera 2024-10-30 22:20:14 +08:00
parent 6469a24e46
commit 6bddbb5cf3
No known key found for this signature in database
GPG Key ID: C74D447FC549A1D0


@ -37,7 +37,7 @@ jobs:
working-directory: ${{ steps.set-up-homebrew.outputs.gems-path }}/${{ steps.ruby-abi.outputs.version }}/gems
run: |
{
echo "vendor-version=$(cat ../.homebrew_vendor_version)"
echo "vendor-version=$(<../.homebrew_vendor_version)"
echo "ignored<<EOS"
git check-ignore -- *
echo "EOS"
@ -45,12 +45,14 @@ jobs:
- name: Compare to base ref
working-directory: ${{ steps.set-up-homebrew.outputs.gems-path }}/${{ steps.ruby-abi.outputs.version }}
env:
VENDOR_VERSION: ${{ steps.gem-info.outputs.vendor-version }}
IGNORED_GEMS: ${{ steps.gem-info.outputs.ignored }}
run: |
git checkout "origin/${GITHUB_BASE_REF}"
rm .homebrew_vendor_version
brew install-bundler-gems --groups=all
if [[ "$(cat .homebrew_vendor_version)" == "${{ steps.gem-info.outputs.vendor-version }}" ]]; then
ignored_gems="${{ steps.gem-info.outputs.ignored }}"
if [[ "$(<.homebrew_vendor_version)" == "${VENDOR_VERSION}" ]]; then
while IFS= read -r gem; do
gem_dir="./gems/${gem}"
[[ -d "${gem_dir}" ]] || continue
@ -64,5 +66,5 @@ jobs:
fi
exit "${exit_code}"
fi
done <<< "${ignored_gems}"
done <<< "${IGNORED_GEMS}"
fi
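Review bot: The `ignored<<EOS` block in the first hunk still wraps `git check-ignore -- *` output in a fixed delimiter, so an entry in the checked-out gems directory named exactly `EOS` would close the value early and the remaining lines would be parsed as further output keys; this presumably goes to `$GITHUB_OUTPUT`, but the redirect and the start of the step are outside the hunk. A per-run delimiter avoids that: `delim="EOS_$(openssl rand -hex 8)"`, then `echo "ignored<<${delim}"` and `echo "${delim}"`. The single-line `vendor-version=$(<../.homebrew_vendor_version)` has the same shape if the file ever holds more than one line, so consider either the same delimiter form or rejecting content with a newline before writing it. Moving the two step outputs into `env:` in the second hunk closes the expression-expansion path, but the values read via `${VENDOR_VERSION}` and `${IGNORED_GEMS}` are only as trustworthy as what this step emitted.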