Protect against malicious branch names
authorTom Hughes <tom@compton.nu>
Sat, 7 Dec 2024 17:04:03 +0000 (17:04 +0000)
committerTom Hughes <tom@compton.nu>
Sat, 7 Dec 2024 17:04:03 +0000 (17:04 +0000)
.github/workflows/danger.yml

index 67a676d87c11eea4b1879c2a715443237ea250ee..6da5e716496d05c62300b13654a44f22bbd74905 100644 (file)
@@ -24,10 +24,10 @@ jobs:
           bundler-cache: true
       - name: Create base branch
         run: |
-          git fetch ${{ github.event.pull_request.base.repo.clone_url }} ${{ github.event.pull_request.base.ref }}:danger_base
+          git fetch ${{ github.event.pull_request.base.repo.clone_url }} ${{ github.event.pull_request.base.sha }}:danger_base
       - name: Create head branch
         run: |
-          git fetch ${{ github.event.pull_request.head.repo.clone_url }} ${{ github.event.pull_request.head.ref }}:danger_head
+          git fetch ${{ github.event.pull_request.head.repo.clone_url }} ${{ github.event.pull_request.head.sha }}:danger_head
       - name: Danger
         env:
           DANGER_GITHUB_BEARER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
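Review bot: Both `git fetch` lines still expand `${{ … }}` expressions directly into the script text, so safety rests on `clone_url` and `sha` never containing shell metacharacters rather than on the shell treating them as data. Swapping `ref` for `sha` removes the attacker-chosen branch name, but passing the values through step-level `env:` and using quoted shell variables would close the whole injection class and stay safe if another context field is added later. The workflow's trigger and `permissions:` are outside the hunk, so it is worth confirming separately what scope the `GITHUB_TOKEN` given to the Danger step has when the pull request comes from a fork.

```yaml
      - name: Create base branch
        env:
          BASE_URL: ${{ github.event.pull_request.base.repo.clone_url }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          git fetch "$BASE_URL" "$BASE_SHA:danger_base"
      - name: Create head branch
        env:
          HEAD_URL: ${{ github.event.pull_request.head.repo.clone_url }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          git fetch "$HEAD_URL" "$HEAD_SHA:danger_head"
      # … unchanged: Danger step …
```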