wesley/load-secrets-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #11 from 1Password/eddy/fix-injection
Some checks failed
Run acceptance tests / test (push) Has been cancelled
Details

Browse Source 
Improve the way input is processed to avoid command injection
This commit is contained in:
Eduard Filip
2022-05-18 17:42:36 +02:00
committed by GitHub
parent e28960dbbb a5debe1b2e
commit d50df7cd6d
2 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
action.yml
View File

@@ -10,8 +10,9 @@ inputs:
default: false default: false
runs: runs:
using: composite using: composite
steps: steps:
- run: | - shell: bash
export INPUT_UNSET_PREVIOUS=${{ inputs.unset-previous }} env:
INPUT_UNSET_PREVIOUS: ${{ inputs.unset-previous }}
run: |
${{ github.action_path }}/entrypoint.sh ${{ github.action_path }}/entrypoint.sh
shell: bash

11
configure/action.yml
View File

@@ -8,9 +8,10 @@ inputs:
description: Token to authenticate to your 1Password Connect instance description: Token to authenticate to your 1Password Connect instance
runs: runs:
using: composite using: composite
steps: steps:
- run: | - shell: bash
export INPUT_CONNECT_HOST=${{ inputs.connect-host }} env:
export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }} INPUT_CONNECT_HOST: ${{ inputs.connect-host }}
INPUT_CONNECT_TOKEN: ${{ inputs.connect-token }}
run: |
${{ github.action_path }}/entrypoint.sh ${{ github.action_path }}/entrypoint.sh
shell: bash