
Commit 6b30104

Merge pull request #37 from tony-josi-aws/main_app_sec_fix
main: Follow security guidelines with github actions
2 parents 8d95796 + 32cb580 commit 6b30104


1 file changed

+22
-10
lines changed


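--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,17 +24,25 @@ jobs:
 git config --global user.name ${{ github.actor }}
 git config --global user.email ${{ github.actor }}@users.noreply.github.com
 - name: create a new branch that references commit id
-run: git checkout -b ${{ github.event.inputs.version_number }} ${{ github.event.inputs.commit_id }}
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
+COMMIT_ID: ${{ github.event.inputs.commit_id }}
+run: git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
 - name: Tag Commit and Push to remote
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
-git tag ${{ github.event.inputs.version_number }} -a -m "Release ${{ github.event.inputs.version_number }}"
+git tag "$VERSION_NUMBER" -a -m "Release "$VERSION_NUMBER""
 git push origin --tags
 - name: Verify tag on remote
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
+COMMIT_ID: ${{ github.event.inputs.commit_id }}
 run: |
-git tag -d ${{ github.event.inputs.version_number }}
+git tag -d "$VERSION_NUMBER"
 git remote update
-git checkout tags/${{ github.event.inputs.version_number }}
-git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }}
+git checkout tags/"$VERSION_NUMBER"
+git diff "$COMMIT_ID" tags/"$VERSION_NUMBER"
 create-zip:
 needs: tag-commit
 name: Create ZIP and verify package for release asset.
@@ -53,17 +61,21 @@ jobs:
 cd FreeRTOS-LTS
 git submodule update --init --checkout --recursive
 - name: Create ZIP
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
-zip -r FreeRTOSv${{ github.event.inputs.version_number }}.zip FreeRTOS-LTS -x "*.git*"
+zip -r FreeRTOSv"$VERSION_NUMBER".zip FreeRTOS-LTS -x "*.git*"
 ls ./
 - name: Validate created ZIP
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
 mkdir zip-check
-mv FreeRTOSv${{ github.event.inputs.version_number }}.zip zip-check
+mv FreeRTOSv"$VERSION_NUMBER".zip zip-check
 cd zip-check
-unzip FreeRTOSv${{ github.event.inputs.version_number }}.zip -d FreeRTOSv${{ github.event.inputs.version_number }}
-ls FreeRTOSv${{ github.event.inputs.version_number }}
-diff -r -x "*.git*" FreeRTOSv${{ github.event.inputs.version_number }}/FreeRTOS-LTS/ ../FreeRTOS-LTS/
+unzip FreeRTOSv"$VERSION_NUMBER".zip -d FreeRTOSv"$VERSION_NUMBER"
+ls FreeRTOSv"$VERSION_NUMBER"
+diff -r -x "*.git*" FreeRTOSv"$VERSION_NUMBER"/FreeRTOS-LTS/ ../FreeRTOS-LTS/
 - name: Create artifact of ZIP
 uses: actions/upload-artifact@v2
 with: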
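Review bot: In the "Tag Commit and Push to remote" step, the new line `git tag "$VERSION_NUMBER" -a -m "Release "$VERSION_NUMBER""` closes the double quote after `Release `, so the second expansion is unquoted and subject to word splitting and globbing. It should read `git tag "$VERSION_NUMBER" -a -m "Release $VERSION_NUMBER"`. Passing the inputs through `env:` stops them being expanded into the script text, but a value beginning with `-` would still be parsed as an option by `git checkout -b`, `git tag` and `git diff`, so a format check on `VERSION_NUMBER` and `COMMIT_ID` before their first use would be worth adding. The two `git config --global` context lines at the top of the first hunk still interpolate `${{ github.actor }}` directly into the shell and could get the same `env:` treatment for consistency. Both hunks start and end inside job definitions that continue outside the visible lines.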
