Skip to content

Commit

Permalink
debug
Browse files Browse the repository at this point in the history
  • Loading branch information
@katybaulch
katybaulch committed Mar 26, 2024
1 parent 376cad4 commit c4f8161
Showing 1 changed file with 13 additions and 8 deletions.
21 changes: 13 additions & 8 deletions .github/workflows/ci-cd.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,20 @@ jobs:
if: ${{ ! startsWith(github.ref, 'refs/tags') && ! startsWith(github.ref, 'refs/heads/main') }}
runs-on: ubuntu-latest
steps:
- name: Determine new tag version
id: determine_next_tag
uses: climatepolicyradar/get-next-tag-from-pr-body@main
with:
pr_body: ${{ github.event.pull_request.body }}
pr_number: ${{ github.event.pull_request.number }}

- name: Echo next tag

Check failure on line 50 in .github/workflows/ci-cd.yml

View workflow job for this annotation

GitHub Actions / Trunk Check

checkov(CKV_GHA_2) 

[new] Ensure run commands are not vulnerable to shell injection
run: echo ${{ steps.determine_next_tag.outputs.new_tag }}
run: |

Check failure on line 51 in .github/workflows/ci-cd.yml

View workflow job for this annotation

GitHub Actions / Trunk Check

actionlint(expression) 

[new] "github.event.pull_request.body" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details
echo ${{ github.event.pull_request.number }}
echo "${{ github.event.pull_request.body }}"
# - name: Determine new tag version
# id: determine_next_tag
# uses: climatepolicyradar/get-next-tag-from-pr-body@main
# with:
# pr_body: ${{ github.event.pull_request.body }}
# pr_number: ${{ github.event.pull_request.number }}

# - name: Echo next tag
# run: echo ${{ steps.determine_next_tag.outputs.new_tag }}

build:
if: ${{ ! startsWith(github.ref, 'refs/tags') }}
Expand Down

0 comments on commit c4f8161

Please sign in to comment.