Skip to content

fix: sql injection vulnerability when using filters #174

fix: sql injection vulnerability when using filters

fix: sql injection vulnerability when using filters #174

Workflow file for this run

name: Build & Release
on:
push:
branches:
- "*"
pull_request:
branches:
- main
permissions:
contents: write
pull-requests: write
packages: write
env:
# login to docker hub with provided secrets
REGISTRY: docker.io
REGISTRY_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
IMAGE_NAME: ${{ vars.DOCKERHUB_TAG }}
# For release-please, see available types at https://github.com/google-github-actions/release-please-action/tree/v4/?tab=readme-ov-file#release-types-supported
PROJECT_TYPE: simple
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: rp
if: github.event_name != 'pull_request' && github.ref_name == 'main'
uses: google-github-actions/release-please-action@v4
with:
release-type: ${{ env.PROJECT_TYPE }}
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USERNAME }}
password: ${{ env.REGISTRY_PASSWORD }}
- name: Prepare tags for Docker meta
id: tags
env:
# When release please is skipped, these values will be empty
is_release: ${{ steps.rp.outputs.release_created }}
version: v${{ steps.rp.outputs.major }}.${{ steps.rp.outputs.minor }}.${{ steps.rp.outputs.patch }}
run: |
tags=""
if [[ "$is_release" = 'true' ]]; then
tags="type=semver,pattern={{version}},value=$version
type=ref,event=branch,value=main"
else
tags="type=ref,event=branch
type=ref,event=pr"
fi
{
echo 'tags<<EOF'
echo "$tags"
echo EOF
} >> "$GITHUB_OUTPUT"
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: ${{ steps.tags.outputs.tags }}
# necessary for multi-platform images
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# necessary for multi-platform images
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64,linux/arm/v7
cache-from: type=gha
cache-to: type=gha,mode=max