Merge pull request #3953 from raspberrypi/fix-github-context-interpol…

…ation Prevent script injection attack in GitHub Actions
raspberrypi · Dec 7, 2024 · 6537bc7 · 6537bc7
2 parents 229031a + c82233f
commit 6537bc7
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,12 +11,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Log current branches and repositories
+        env:
+          REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
         run: |
           echo "Current ref: $GITHUB_REF"
           echo "Base ref: $GITHUB_BASE_REF"
           echo "Head ref: $GITHUB_HEAD_REF"
           echo "Repository: $GITHUB_REPOSITORY"
-          echo "Head repository: ${{ github.event.pull_request.head.repo.full_name }}"
+          echo "Head repository: $REPO_FULL_NAME"
       - name: Only allow pull requests based on master from the develop branch of the current repository
         if: ${{ github.base_ref == 'master' && !(github.head_ref == 'develop' && github.event.pull_request.head.repo.full_name == github.repository) }}
         run: |