Skip to content

Commit

Permalink
Merge pull request #113 from diogoteles08/master
Browse files Browse the repository at this point in the history 
fix: github workflow vulnerable to script injection
  • Loading branch information
@ZedThree
ZedThree authored Aug 19, 2024
2 parents 1482181 + c566f8b commit 4e805d4
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion .github/workflows/benchmark.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ name: Benchmarks

on: pull_request

env:
PR_HEAD_LABEL: ${{ github.event.pull_request.head.label }}

jobs:
benchmark:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -38,7 +41,7 @@ jobs:
asv machine --yes
echo "Baseline: ${{ github.event.pull_request.base.sha }} (${{ github.event.pull_request.base.label }})"
echo "Contender: ${GITHUB_SHA} (${{ github.event.pull_request.head.label }})"
echo "Contender: ${GITHUB_SHA} ($PR_HEAD_LABEL)"
# Run benchmarks for current commit against base
ASV_OPTIONS="--split --show-stderr --factor $ASV_FACTOR"
Expand Down

0 comments on commit 4e805d4

Please sign in to comment.