Mirrors/NewPipe
1
0
Fork 0
mirror of https://github.com/TeamNewPipe/NewPipe.git synced 2024-11-22 11:02:35 +01:00
Code Issues Releases Activity

Fix CI command injection vulnerability

Browse Source 
See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
This commit is contained in:
Stypox 2023-04-26 16:01:20 +02:00
parent da30e539df
commit 43b0167a3a
No known key found for this signature in database
GPG Key ID: 4BDF1B40A49FDD23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/ci.yml vendored
View File

@ -42,7 +42,9 @@ jobs:
- name: create and checkout branch - name: create and checkout branch
# push events already checked out the branch # push events already checked out the branch
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
run: git checkout -B ${{ github.head_ref }} env:
BRANCH: ${{ github.head_ref }}
run: git checkout -B "$BRANCH"
- name: set up JDK 17 - name: set up JDK 17
uses: actions/setup-java@v3 uses: actions/setup-java@v3