From 03d0fecf172873164a163bbc64bed0f3bf114ed7 Mon Sep 17 00:00:00 2001
From: Hal Blackburn <hal.blackburn@gmail.com>
Date: Tue, 16 May 2023 17:21:20 +0100
Subject: [PATCH] Fix unsafe evaluation of inputs.use-sudo (#124)

The previous code was (presumably mistakenly) running inputs.use-sudo as
a command, which worked assuming it was true or false (as they ignore
their arguments), but this results in the action executing the value of
inputs.use-sudo as a command.

Signed-off-by: Hal Blackburn <hwtb2@cam.ac.uk>
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/action.yml b/action.yml
index 8fca74b..2540fba 100644
--- a/action.yml
+++ b/action.yml
@@ -176,7 +176,7 @@ runs:
         esac
 
         SUDO=
-        if "${{ inputs.use-sudo }}" == "true" && command -v sudo >/dev/null; then
+        if [[ "${{ inputs.use-sudo }}" == "true" ]] && command -v sudo >/dev/null; then
           SUDO=sudo
         fi