🔒 Security: restrict workflow context (#3124)

Co-authored-by: polarathene <5098581+polarathene@users.noreply.github.com>
This commit is contained in:
Ju4tCode 2024-11-18 23:09:11 +08:00 committed by GitHub
parent 3bf393444d
commit 83552d6995
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 4 deletions

View File

@ -45,11 +45,16 @@ jobs:
- name: Restore Context
run: |
cat action.env >> $GITHUB_ENV
PR_NUMBER=$(cat ./pr-number)
if ! [[ "${PR_NUMBER}" =~ ^[0-9]+$ ]]; then
echo "Invalid PR number: ${PR_NUMBER}"
exit 1
fi
echo "PR_NUMBER=${PR_NUMBER}" >> "${GITHUB_ENV}"
- name: Set Deploy Name
run: |
echo "DEPLOY_NAME=deploy-preview-${{ env.PR_NUMBER }}" >> $GITHUB_ENV
echo "DEPLOY_NAME=deploy-preview-${PR_NUMBER}" >> "${GITHUB_ENV}"
- name: Deploy to Netlify
id: deploy

View File

@ -30,7 +30,7 @@ jobs:
- name: Export Context
run: |
echo "PR_NUMBER=${{ github.event.number }}" >> ./action.env
echo "${{ github.event.pull_request.number }}" > ./pr-number
- name: Upload Artifact
uses: actions/upload-artifact@v4
@ -38,5 +38,5 @@ jobs:
name: website-preview
path: |
./website/build
./action.env
./pr-number
retention-days: 1