mirror of https://github.com/actions/checkout.git synced 2026-03-04 08:41:01 +08:00

Compare commits

3 Commits

Author SHA1 Message Date
Y. Meyer-Norwood
282c39c983
Merge d86d1a437e into 8e8c483db8 2025-12-25 07:01:49 +00:00
Y. Meyer-Norwood
d86d1a437e
Merge branch 'main' into patch-1 2024-01-16 08:51:56 +13:00
Y. Meyer-Norwood
fe77b196f4
Prevent Script Injection Attack
The user-provided inputs here are vulnerable to script injection. This PR uses an intermediate environment variable so that the input is treated as a string rather than as part of the command.

See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
2022-12-13 11:16:31 +13:00

@ -19,6 +19,9 @@ on:
jobs: jobs:
tag: tag:
runs-on: ubuntu-latest runs-on: ubuntu-latest
env:
TARGET: ${{ github.event.inputs.target }}
MAIN_VERSION: ${{ github.event.inputs.major_version }}
steps: steps:
# Note this update workflow can also be used as a rollback tool. # Note this update workflow can also be used as a rollback tool.
# For that reason, it's best to pin `actions/checkout` to a known, stable version # For that reason, it's best to pin `actions/checkout` to a known, stable version
@ -31,6 +34,6 @@ jobs:
git config user.name "github-actions[bot]" git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Tag new target - name: Tag new target
run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }} run: git tag -f "$MAIN_VERSION" "$TARGET"
- name: Push new tag - name: Push new tag
run: git push origin ${{ github.event.inputs.major_version }} --force run: git push origin "$MAIN_VERSION" --force
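Review bot: In the `Tag new target` and `Push new tag` steps, quoting `"$MAIN_VERSION"` and `"$TARGET"` stops the shell from interpreting the inputs, but git still parses a value that begins with `-` as an option, and the push uses an unqualified refspec. Unless the `workflow_dispatch` inputs are constrained to a fixed set elsewhere in the file (the `on:` block is outside these hunks), end option parsing and qualify the ref: `run: git tag -f -- "$MAIN_VERSION" "$TARGET"` and `run: git push --force origin "refs/tags/$MAIN_VERSION"`. The `env:` block is also declared at job level, so both values are exported to every step of the job; moving it to step-level `env:` on the two `run` steps would keep the scope to where the values are used.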