
Commit ea4fb7a

committed
bump: Read payload in env
- DRY - Harden against any possible attacks
1 parent 5ca7609 commit ea4fb7a


1 file changed

+10
-6
lines changed


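--- a/.github/workflows/bump.yml
+++ b/.github/workflows/bump.yml
@@ -7,10 +7,14 @@ jobs:
 bump:
 if: github.event_name == 'repository_dispatch' && github.event.action == 'tag'
 runs-on: ubuntu-latest
+env:
+PACKAGE_NAME: ${{ github.event.client_payload.package_name }}
+PACKAGE_VERSION: ${{ github.event.client_payload.package_version }}
+
 steps:
 - name: Information
 run: |
-echo "Version update for ${{ github.event.client_payload.package_name }} -> ${{ github.event.client_payload.package_version }} requested"
+echo "Version update for $PACKAGE_NAME -> $PACKAGE_VERSION requested"
 - uses: actions/checkout@v4
 with:
 token: ${{ secrets.REPO_ACCESS_TOKEN }}
@@ -27,20 +31,20 @@ jobs:
 - name: Bump requirements
 shell: bash
 run: |
-python .github/workflows/bump.py ${{ github.event.client_payload.package_name }} ${{ github.event.client_payload.package_version }} "$(git describe --tags)"
+python .github/workflows/bump.py "$PACKAGE_NAME" "$PACKAGE_VERSION" "$(git describe --tags)"
 
 - name: Commit and push
 shell: bash
 run: |
 git config --local user.email "[email protected]"
 git config --local user.name "Github Action"
 git add pyproject.toml
-git commit -m "Bump '${{ github.event.client_payload.package_name }}' dependency to '${{ github.event.client_payload.package_version }}'"
+git commit -m "Bump '$PACKAGE_NAME' dependency to '$PACKAGE_VERSION'"
 git push
 
 - name: Tag and push
 shell: bash
 run: |
-TAG=$(python .github/workflows/tag.py ${{ github.event.client_payload.package_name }} ${{ github.event.client_payload.package_version }} "$(git describe --tags --no-abbrev)")
-git tag ${TAG}
-git push origin ${TAG}
+TAG=$(python .github/workflows/tag.py "$PACKAGE_NAME" "$PACKAGE_VERSION" "$(git describe --tags --no-abbrev)")
+git tag "${TAG}"
+git push origin "${TAG}"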
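Review bot: Nothing checks the format of `PACKAGE_NAME` or `PACKAGE_VERSION` before they reach `bump.py`, `tag.py`, the commit message and (through `TAG`) `git tag` / `git push`, all in a job that checks out with `REPO_ACCESS_TOKEN`. Quoting the variables stops the shell from interpreting the payload, but a value that starts with `-` or contains a newline is still passed through as-is, and whether the two Python scripts reject it is not visible here. I would fail early in the `Information` step, e.g. `[[ "$PACKAGE_NAME" =~ ^[A-Za-z0-9._-]+$ && "$PACKAGE_NAME" != -* ]] || { echo "invalid package name"; exit 1; }` with a matching check for the version, and push the tag by full ref with `git push origin "refs/tags/${TAG}"`. The job-level `env:` also exposes both values to every step, including the steps between the two hunks that are not shown; if only the `run:` steps need them, step-level `env:` would be narrower.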

0 commit comments

Comments
 (0)