From: Tom Hughes
Date: Sat, 7 Dec 2024 17:04:03 +0000 (+0000)
Subject: Protect against malicious branch names
X-Git-Tag: live~13
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/d598623305c179cc6e9ab6e232b758fea51a5956
Protect against malicious branch names
---
diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml
index 67a676d87..6da5e7164 100644
--- a/.github/workflows/danger.yml
+++ b/.github/workflows/danger.yml
@@ -24,10 +24,10 @@ jobs:
 bundler-cache: true
 - name: Create base branch
 run: |
- git fetch ${{ github.event.pull_request.base.repo.clone_url }} ${{ github.event.pull_request.base.ref }}:danger_base
+ git fetch ${{ github.event.pull_request.base.repo.clone_url }} ${{ github.event.pull_request.base.sha }}:danger_base
 - name: Create head branch
 run: |
- git fetch ${{ github.event.pull_request.head.repo.clone_url }} ${{ github.event.pull_request.head.ref }}:danger_head
+ git fetch ${{ github.event.pull_request.head.repo.clone_url }} ${{ github.event.pull_request.head.sha }}:danger_head
 - name: Danger
 env:
 DANGER_GITHUB_BEARER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
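Review bot: Both new `git fetch` lines still expand `${{ … }}` expressions directly into the script text, so the steps stay safe only as long as `clone_url` and `sha` can never carry shell metacharacters. A commit SHA is hex and the clone URL is presumably built from a constrained owner/repository name, so this looks sound today, but passing both values through a step-level `env:` and quoting them in the command removes that dependence entirely and follows GitHub's hardening guidance for expressions in `run:` blocks. The job's `on:` trigger and `permissions:` lie outside this hunk and the Danger step continues past its end; since the job fetches fork content while `GITHUB_TOKEN` is in use, confirm there that the token is scoped to what Danger needs.

```yaml
      - name: Create base branch
        env:
          BASE_URL: ${{ github.event.pull_request.base.repo.clone_url }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          git fetch "$BASE_URL" "$BASE_SHA:danger_base"
      - name: Create head branch
        env:
          HEAD_URL: ${{ github.event.pull_request.head.repo.clone_url }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          git fetch "$HEAD_URL" "$HEAD_SHA:danger_head"
      # … unchanged: Danger step …
```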