[semgrep] Fixed YAML warnings

``` [WARN] Syntax error at line .github/workflows/test.yml:113: When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected ```
netromdk · Jul 9, 2023 · 90bae2f · 90bae2f
1 parent 2f76e77
commit 90bae2f
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 5 deletions.
diff --git a/.github/workflows/snyk-schedule.yml b/.github/workflows/snyk-schedule.yml
@@ -37,7 +37,9 @@ jobs:
       - name: Upgrade Pip
         run: pip3 install --upgrade pip
       - name: Install requirements
-        run: python3 -m pip install -r misc/.${{matrix.requirements}}-requirements.txt
+        env:
+          reqs: ${{ matrix.requirements }}
+        run: python3 -m pip install -r misc/.$reqs-requirements.txt
 
       - name: Install Snyk
         run: npm install -g snyk
@@ -48,7 +50,8 @@ jobs:
           FORCE_COLOR: 2
           SNYK_INTEGRATION_NAME: GITHUB_ACTIONS
           SNYK_INTEGRATION_VERSION: python
-        run: snyk test --project-name=vermin --package-manager=pip --file=misc/.${{matrix.requirements}}-requirements.txt --command=python3 --sarif-file-output=snyk-${{matrix.requirements}}.sarif --show-vulnerable-paths=all --print-deps
+          reqs: ${{ matrix.requirements }}
+        run: snyk test --project-name=vermin --package-manager=pip --file=misc/.$reqs-requirements.txt --command=python3 --sarif-file-output=snyk-$reqs.sarif --show-vulnerable-paths=all --print-deps
 
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -37,7 +37,9 @@ jobs:
       - name: Upgrade Pip
         run: pip3 install --upgrade pip
       - name: Install requirements
-        run: python3 -m pip install -r misc/.${{matrix.requirements}}-requirements.txt
+        env:
+          reqs: ${{ matrix.requirements }}
+        run: python3 -m pip install -r misc/.$reqs-requirements.txt
 
       - name: Install Snyk
         run: npm install -g snyk
@@ -47,4 +49,5 @@ jobs:
           FORCE_COLOR: 2
           SNYK_INTEGRATION_NAME: GITHUB_ACTIONS
           SNYK_INTEGRATION_VERSION: python
-        run: snyk test --project-name=vermin --package-manager=pip --file=misc/.${{matrix.requirements}}-requirements.txt --command=python3 --show-vulnerable-paths=all --print-deps
+          reqs: ${{ matrix.requirements }}
+        run: snyk test --project-name=vermin --package-manager=pip --file=misc/.$reqs-requirements.txt --command=python3 --show-vulnerable-paths=all --print-deps
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -102,7 +102,8 @@ jobs:
         COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
         COVERALLS_FLAG_NAME: ${{ matrix.os }}-${{ matrix.python-version }}
         COVERALLS_PARALLEL: true
-      run: ${{ matrix.test_script_name }}
+        test_script_name: ${{ matrix.test_script_name }}
+      run: $test_script_name
 
   # When all parallel tests are done and uploaded, the coveralls session can be signalled as
   # finished.