From 6006b771a2b82088019ae03aae3e5b8001ddccab Mon Sep 17 00:00:00 2001 From: egibs <20933572+egibs@users.noreply.github.com> Date: Mon, 13 Jan 2025 19:05:12 -0600 Subject: [PATCH 1/2] Trust GITHUB_WORKSPACE in third-party Workflow Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> --- .github/workflows/third-party.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/third-party.yaml b/.github/workflows/third-party.yaml index d6ae561d..17ad9321 100644 --- a/.github/workflows/third-party.yaml +++ b/.github/workflows/third-party.yaml @@ -36,6 +36,8 @@ jobs: apk update apk add bash curl findutils gh git go nodejs perl upx xz yara-x-compat - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - name: Trust repository + run: git config --global --add safe.directory $GITHUB_WORKSPACE - uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8 - name: Set up Octo-STS uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0 From 1fbbb0f9541c20aee5ad3a977e3e1beac39cf18d Mon Sep 17 00:00:00 2001 From: egibs <20933572+egibs@users.noreply.github.com> Date: Mon, 13 Jan 2025 19:31:54 -0600 Subject: [PATCH 2/2] Quote all instances of GITHUB_WORKSPACE Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> --- .github/workflows/go-tests.yaml | 4 ++-- .github/workflows/style.yaml | 2 +- .github/workflows/third-party.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/go-tests.yaml b/.github/workflows/go-tests.yaml index 37250368..a3004f65 100644 --- a/.github/workflows/go-tests.yaml +++ b/.github/workflows/go-tests.yaml @@ -42,7 +42,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Trust repository - run: git config --global --add safe.directory $GITHUB_WORKSPACE + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Unit tests run: | @@ -75,7 +75,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Trust repository - run: git config --global --add safe.directory $GITHUB_WORKSPACE + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Integration tests run: | diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 813ceaff..af89cb2a 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -139,7 +139,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Trust repository - run: git config --global --add safe.directory $GITHUB_WORKSPACE + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Run golangci-lint run: | diff --git a/.github/workflows/third-party.yaml b/.github/workflows/third-party.yaml index 17ad9321..16422e26 100644 --- a/.github/workflows/third-party.yaml +++ b/.github/workflows/third-party.yaml @@ -37,7 +37,7 @@ jobs: apk add bash curl findutils gh git go nodejs perl upx xz yara-x-compat - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Trust repository - run: git config --global --add safe.directory $GITHUB_WORKSPACE + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8 - name: Set up Octo-STS uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0