From 68faec1745fd8688b949edc9984ccfcef3045c05 Mon Sep 17 00:00:00 2001
From: Arjun Suresh <arjun@gateoverflow.com>
Date: Thu, 4 Sep 2025 21:16:50 +0100
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 3: Code
 injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../workflows/run_tests_on_modified_meta_with_secrets.yml  | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/run_tests_on_modified_meta_with_secrets.yml b/.github/workflows/run_tests_on_modified_meta_with_secrets.yml
index 8c8f84506..b2629b36f 100644
--- a/.github/workflows/run_tests_on_modified_meta_with_secrets.yml
+++ b/.github/workflows/run_tests_on_modified_meta_with_secrets.yml
@@ -59,8 +59,11 @@ jobs:
           echo "RCLONE_CONFIG_MLC_NUSCENES_SERVICE_ACCOUNT_CREDENTIALS=${{ steps.op-load-secrets.outputs.GDRIVE_SERVICE_ACCOUNT_KEY }}" >> $GITHUB_ENV
         
       - name: Process meta.yaml file
+        env:
+          HEAD_REF: ${{ github.event.pull_request.head.ref }}
+          HEAD_REPO_URL: ${{ github.event.pull_request.head.repo.html_url }}
         run: |
           echo "Processing ${{ matrix.file_info.file }} (run #${{ matrix.file_info.num_run }})"
           pip install mlcflow
-          mlc pull repo ${{ github.event.pull_request.head.repo.html_url }} --branch=${{ github.event.pull_request.head.ref }}
-          mlc test script ${{ matrix.file_info.uid }} --test_input_index=${{ matrix.file_info.num_run }} --docker_mlc_repo=${{ github.event.pull_request.head.repo.html_url }} --docker_mlc_repo_branch=${{ github.event.pull_request.head.ref }} --quiet
+          mlc pull repo "$HEAD_REPO_URL" --branch="$HEAD_REF"
+          mlc test script ${{ matrix.file_info.uid }} --test_input_index=${{ matrix.file_info.num_run }} --docker_mlc_repo="$HEAD_REPO_URL" --docker_mlc_repo_branch="$HEAD_REF" --quiet

From 24ec554519fa37809344dc1c609a85bf0bacf3d4 Mon Sep 17 00:00:00 2001
From: Arjun Suresh <arjun@gateoverflow.com>
Date: Thu, 4 Sep 2025 21:17:44 +0100
Subject: [PATCH 2/2] Update run_tests_on_modified_meta_with_secrets.yml

---
 .github/workflows/run_tests_on_modified_meta_with_secrets.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/run_tests_on_modified_meta_with_secrets.yml b/.github/workflows/run_tests_on_modified_meta_with_secrets.yml
index b2629b36f..61605d52c 100644
--- a/.github/workflows/run_tests_on_modified_meta_with_secrets.yml
+++ b/.github/workflows/run_tests_on_modified_meta_with_secrets.yml
@@ -59,6 +59,7 @@ jobs:
           echo "RCLONE_CONFIG_MLC_NUSCENES_SERVICE_ACCOUNT_CREDENTIALS=${{ steps.op-load-secrets.outputs.GDRIVE_SERVICE_ACCOUNT_KEY }}" >> $GITHUB_ENV
         
       - name: Process meta.yaml file
+        shell: bash
         env:
           HEAD_REF: ${{ github.event.pull_request.head.ref }}
           HEAD_REPO_URL: ${{ github.event.pull_request.head.repo.html_url }}