From 42b3234dab2c85d58f97f6ebcfd79045d40953e9 Mon Sep 17 00:00:00 2001 From: Stypox Date: Sun, 27 Oct 2024 22:23:55 +0100 Subject: [PATCH] Wrap $ in "" to avoid bash injections --- .github/workflows/nightly.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 809c235d8..9d0d6546e 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -24,9 +24,9 @@ jobs: - name: "Determine next tag" id: tagger run: | - TAG=$(git tag --sort=-v:refname | grep nightly- | head -n 1) - VERSION=$(echo $TAG | sed -e s/[^0-9]//g) - INCREMENT=$((VERSION + 1)) + TAG="$(git tag --sort=-v:refname | grep nightly- | head -n 1)" + VERSION="$(echo $TAG | sed -e s/[^0-9]//g)" + INCREMENT="$((VERSION + 1))" NEW_TAG="nightly-${INCREMENT}" echo next tag '${NEW_TAG}' echo "::set-output name=new_tag::${NEW_TAG}" @@ -41,14 +41,14 @@ jobs: - name: "Check for new commits" run : | - if [[ $(git log --since=1.days) ]]; then + if [[ "$(git log --since=1.days)" ]]; then echo "New commits found" echo "new_commit=true" >> $GITHUB_ENV fi - name: "Tag commit" if: ${{ env.new_commit == 'true' }} - run: git tag ${{ steps.tagger.outputs.new_tag }} + run: git tag "${{ steps.tagger.outputs.new_tag }}" - name: "Push to nightly repo" if: ${{ env.new_commit == 'true' }} @@ -73,7 +73,7 @@ jobs: if: ${{ env.new_commit == 'true' }} id: rename_apk run: | - mv ${{steps.sign_app.outputs.signedFile}} app/build/outputs/apk/release/NewPipe_${{steps.tagger.outputs.new_tag}}.apk + mv "${{steps.sign_app.outputs.signedFile}}" "app/build/outputs/apk/release/NewPipe_${{steps.tagger.outputs.new_tag}}.apk" echo "::set-output name=apkFile::app/build/outputs/apk/release/NewPipe_${{steps.tagger.outputs.new_tag}}.apk" - name: "Create GitHub release with APK"