Skip to content

Commit 4359fe0

Browse files
authored
ci: use environment variables in GitHub Actions for improved security (#9433)
1 parent 2185c78 commit 4359fe0

1 file changed

Lines changed: 4 additions & 3 deletions

File tree

.github/workflows/backport.yaml

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
env:
1717
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
1818
run: |
19-
PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission --jq '.permission')
19+
PERMISSION=$(gh api /repos/$GITHUB_REPOSITORY/collaborators/$GITHUB_ACTOR/permission --jq '.permission')
2020
if [ "$PERMISSION" == "admin" ] || [ "$PERMISSION" == "write" ]; then
2121
echo "is_maintainer=true" >> $GITHUB_OUTPUT
2222
else
@@ -53,8 +53,9 @@ jobs:
5353
git config --global user.name "GitHub Actions"
5454
5555
- name: Run backport script
56-
run: ./misc/backport/backport.sh ${{ env.BRANCH_NAME }} ${{ github.event.issue.number }}
5756
env:
5857
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
5958
# This allows the created PR to trigger tests and other workflows
60-
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
59+
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
60+
ISSUE_NUMBER: ${{ github.event.issue.number }}
61+
run: ./misc/backport/backport.sh "$BRANCH_NAME" "$ISSUE_NUMBER"

0 commit comments

Comments
 (0)