Skip to content

Commit 420a0be

Browse files
fix(security): remediate workflow vulnerability in .github/workflows/build.yaml
1 parent 2e690c2 commit 420a0be

1 file changed

Lines changed: 3 additions & 5 deletions

File tree

.github/workflows/build.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -31,13 +31,11 @@ jobs:
3131
uses: actions/checkout@v6
3232

3333
- id: set-matrix
34-
env:
35-
GITHUB_REF: ${{ github.ref }}
3634
run: |
37-
branchName=$(echo $GITHUB_REF | sed 's,refs/heads/,,g')
35+
branchName="${GITHUB_REF#refs/heads/}"
3836
matrix=$(jq --arg branchName "$branchName" 'map(. | select((.runOn==$branchName) or (.runOn=="always")) )' .github/workflows/matrix.json)
3937
echo "{\"include\":$(echo $matrix)}"
40-
echo ::set-output name=matrix::{\"include\":$(echo $matrix)}\"
38+
echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
4139
4240
build-and-push-image:
4341
needs: matrix
@@ -180,4 +178,4 @@ jobs:
180178
actions_runtime_token=${{ env.ACTIONS_RUNTIME_TOKEN }}
181179
tags: ${{ steps.meta-grpc.outputs.tags }}
182180
labels: ${{ steps.meta-grpc.outputs.labels }}
183-
cache-from: type=s3,region=us-east-1,bucket=${{ vars.AWS_S3BUCKET_GITHUB_BUILDX_CACHE }},name=text-embeddings-inference-cache-${{matrix.name}},access_key_id=${{ steps.aws-creds.outputs.aws-access-key-id }},secret_access_key=${{ steps.aws-creds.outputs.aws-secret-access-key }},session_token=${{ steps.aws-creds.outputs.aws-session-token }},mode=max
181+
cache-from: type=s3,region=us-east-1,bucket=${{ vars.AWS_S3BUCKET_GITHUB_BUILDX_CACHE }},name=text-embeddings-inference-cache-${{matrix.name}},access_key_id=${{ steps.aws-creds.outputs.aws-access-key-id }},secret_access_key=${{ steps.aws-creds.outputs.aws-secret-access-key }},session_token=${{ steps.aws-creds.outputs.aws-session-token }},mode=max

0 commit comments

Comments
 (0)