From 491a543a339a23f04c4aa122f4f4470b213aded6 Mon Sep 17 00:00:00 2001
From: Jan Calanog
Date: Wed, 15 Jan 2025 22:07:33 +0100
Subject: [PATCH 1/2] Fix update-link-index-action
---
 actions/update-link-index/action.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/actions/update-link-index/action.yml b/actions/update-link-index/action.yml
index 7c0eed867..a66993353 100644
--- a/actions/update-link-index/action.yml
+++ b/actions/update-link-index/action.yml
@@ -24,9 +24,6 @@ inputs:
 runs:
 using: composite
 steps:
- - name: Update Link Index
- run: |
- echo "Updating link index"
 - name: Generate AWS Role ARN
 id: role_arn
 shell: python
@@ -50,7 +47,7 @@ runs:
 role-to-assume: ${{ steps.role_arn.outputs.result }}
 aws-region: us-east-1
 - name: Upload Link Reference File to S3
- bash: shell
+ shell: bash
 run: |
 repository_name=$(basename "${GITHUB_REPOSITORY}")
 aws s3 cp ${{ inputs.link_reference_file }} "s3://${{ inputs.aws_s3_bucket_name }}/${repository_name}.json"
From 904b0f92aec012051a0b6e49958feff810233c40 Mon Sep 17 00:00:00 2001
From: Jan Calanog
Date: Wed, 15 Jan 2025 22:10:02 +0100
Subject: [PATCH 2/2] Pass input to env first to avoid script injection
---
 actions/update-link-index/action.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/actions/update-link-index/action.yml b/actions/update-link-index/action.yml
index a66993353..d8418010a 100644
--- a/actions/update-link-index/action.yml
+++ b/actions/update-link-index/action.yml
@@ -48,6 +48,8 @@ runs:
 aws-region: us-east-1
 - name: Upload Link Reference File to S3
 shell: bash
+ env:
+ LINK_REFERENCE_FILE: ${{ inputs.link_reference_file }}
 run: |
 repository_name=$(basename "${GITHUB_REPOSITORY}")
- aws s3 cp ${{ inputs.link_reference_file }} "s3://${{ inputs.aws_s3_bucket_name }}/${repository_name}.json"
+ aws s3 cp "${LINK_REFERENCE_FILE}" "s3://${{ inputs.aws_s3_bucket_name }}/${repository_name}.json"
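Review bot: In PATCH 2/2, the rewritten `aws s3 cp` line still expands `${{ inputs.aws_s3_bucket_name }}` inside the `run:` script, so that input is substituted into the bash source before the shell runs and the double quotes around the S3 URL do not neutralise it. Treat it the same way as `link_reference_file`: add `AWS_S3_BUCKET_NAME: ${{ inputs.aws_s3_bucket_name }}` under `env:` and write the destination as `"s3://${AWS_S3_BUCKET_NAME}/${repository_name}.json"`. This step follows the role-assumption step shown as context in PATCH 1/2, so a crafted bucket-name value would presumably run with those AWS credentials. The `Generate AWS Role ARN` step (`shell: python`) has its body outside the visible hunks and is worth checking for the same direct interpolation.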