Skip to content

Commit

Permalink
fix: github workflow vulnerable to script injection (#9331)
Browse files Browse the repository at this point in the history
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
  • Loading branch information
diogoteles08 authored Aug 12, 2024
1 parent 562015c commit ce5130f
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion .github/workflows/benchmarks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ on:
types: [opened, reopened, synchronize, labeled]
workflow_dispatch:

env:
PR_HEAD_LABEL: ${{ github.event.pull_request.head.label }}

jobs:
benchmark:
if: ${{ contains( github.event.pull_request.labels.*.name, 'run-benchmark') && github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' }}
Expand Down Expand Up @@ -49,7 +52,7 @@ jobs:
# ID this runner
asv machine --yes
echo "Baseline: ${{ github.event.pull_request.base.sha }} (${{ github.event.pull_request.base.label }})"
echo "Contender: ${GITHUB_SHA} (${{ github.event.pull_request.head.label }})"
echo "Contender: ${GITHUB_SHA} ($PR_HEAD_LABEL)"
# Run benchmarks for current commit against base
ASV_OPTIONS="--split --show-stderr --factor $ASV_FACTOR"
asv continuous $ASV_OPTIONS ${{ github.event.pull_request.base.sha }} ${GITHUB_SHA} \
Expand Down

0 comments on commit ce5130f

Please sign in to comment.