From 7ed611fb76a839931a0a6bed360aaab4d2ad4bd8 Mon Sep 17 00:00:00 2001 From: Tim McCormack Date: Fri, 30 Sep 2022 01:51:48 +0000 Subject: [PATCH] Use env to avoid script injection in CI workflow --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5af4b0d..a9c0c49 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -78,8 +78,10 @@ jobs: config: testdata/hadolint.yaml - name: Run integration test 6 - verify results output parameter + env: + STEP_5_OUTPUT: ${{ steps.hadolint5.outputs.results }} # This step will never fail, but will print out the results from step5 - run: echo "${{ steps.hadolint5.outputs.results }}" + run: echo "$STEP_5_OUTPUT" #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations.