Use environment variable in GitHub workflow. (#700)

blackwinter · blackwinter · commit 2debe2829656 · 2025-07-17T18:21:14.000+02:00
In order to minimize risk of injection attacks.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -14,7 +14,7 @@ jobs:
         with:
           java-version: 11
       - name: Publish package
-        run: ./gradlew publishAllPublicationsToGitHubPackagesRepository -PpublishVersion=${{ github.ref_name }}
+        run: ./gradlew publishAllPublicationsToGitHubPackagesRepository -PpublishVersion="$REFNAME"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
+          REFNAME: ${{ github.ref_name }}
