Merge pull request #876 from amvanbaren/fix-expression-injection-in-h…

…ead-branch Fix expression injection in head_branch
eclipse · Mar 21, 2024 · 10d1a23 · 10d1a23
2 parents 8e145b2 + 946a30c
commit 10d1a23
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
@@ -39,11 +39,13 @@ jobs:
           fetch-depth: 0
     - name: Checkout base branch
       if: github.event.workflow_run.event == 'pull_request'
+      env:
+        HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
       run: |
         git remote add upstream ${{ github.event.repository.clone_url }}
         git fetch upstream
         git checkout -B ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} upstream/${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
-        git checkout ${{ github.event.workflow_run.head_branch }}
+        git checkout $HEAD_BRANCH
         git clean -ffdx && git reset --hard HEAD
     - name: Cache SonarCloud packages
       uses: actions/cache@v3