
Commit 58f263c

chore: Moved all inputs to environment variables to prevent shell command injection (#689)
2 parents fac08d3 + 2e357b0 commit 58f263c

2 files changed

Lines changed: 20 additions & 4 deletions


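--- a/.github/actions/maven-publish/action.yml
+++ b/.github/actions/maven-publish/action.yml
@@ -29,16 +29,30 @@ runs:
 curl -s "https://get.sdkman.io" | bash
 source "/home/runner/.sdkman/bin/sdkman-init.sh"
 sdk list java
-sdk install java ${{ inputs.java-version }} && sdk default java ${{ inputs.java-version }}
+sdk install java "$JAVA_VERSION" && sdk default java "$JAVA_VERSION"
+env:
+JAVA_VERSION: ${{ inputs.java-version }}
 
 - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # pin@1.1.0
 
 - name: Publish Java
 shell: bash
 if: inputs.is-android == 'false'
-run: ./gradlew clean assemble sign publishMavenJavaPublicationToMavenRepository -PisSnapshot=false -Pversion="${{ inputs.version }}" -PossrhUsername="${{ inputs.ossr-username }}" -PossrhPassword="${{ inputs.ossr-password }}" -PsigningKey="${{ inputs.signing-key }}" -PsigningPassword="${{ inputs.signing-password }}"
+run: ./gradlew clean assemble sign publishMavenJavaPublicationToMavenRepository -PisSnapshot=false -Pversion="$VERSION" -PossrhUsername="$OSSR_USERNAME" -PossrhPassword="$OSSR_PASSWORD" -PsigningKey="$SIGNING_KEY" -PsigningPassword="$SIGNING_PASSWORD"
+env:
+VERSION: ${{ inputs.version }}
+OSSR_USERNAME: ${{ inputs.ossr-username }}
+OSSR_PASSWORD: ${{ inputs.ossr-password }}
+SIGNING_KEY: ${{ inputs.signing-key }}
+SIGNING_PASSWORD: ${{ inputs.signing-password }}
 
 - name: Publish Android
 shell: bash
 if: inputs.is-android == 'true'
-run: ./gradlew clean assemble sign publishAndroidLibraryPublicationToMavenRepository -PisSnapshot=false -Pversion="${{ inputs.version }}" -PossrhUsername="${{ inputs.ossr-username }}" -PossrhPassword="${{ inputs.ossr-password }}" -PsigningKey="${{ inputs.signing-key }}" -PsigningPassword="${{ inputs.signing-password }}"
+run: ./gradlew clean assemble sign publishAndroidLibraryPublicationToMavenRepository -PisSnapshot=false -Pversion="$VERSION" -PossrhUsername="$OSSR_USERNAME" -PossrhPassword="$OSSR_PASSWORD" -PsigningKey="$SIGNING_KEY" -PsigningPassword="$SIGNING_PASSWORD"
+env:
+VERSION: ${{ inputs.version }}
+OSSR_USERNAME: ${{ inputs.ossr-username }}
+OSSR_PASSWORD: ${{ inputs.ossr-password }}
+SIGNING_KEY: ${{ inputs.signing-key }}
+SIGNING_PASSWORD: ${{ inputs.signing-password }}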
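Review bot: The Publish Java and Publish Android steps still hand every secret to Gradle as a `-P` command-line property, so `$OSSR_PASSWORD`, `$SIGNING_KEY` and `$SIGNING_PASSWORD` end up in the gradlew process's argument list, where other processes on the runner and any tooling that records the command line can read them; the env block removes the injection but not this exposure. Gradle reads project properties from environment variables named `ORG_GRADLE_PROJECT_<property>`, so renaming the env keys to the property names the `-P` flags already use and dropping those flags keeps the secrets out of argv without touching the build script; `-PisSnapshot` and `-Pversion` are not secrets and can stay on the command line. The sketch below is for Publish Java; Publish Android needs the same substitution, and the property names should be checked against what the build script actually reads. The `runs:` block these steps belong to starts outside the hunk.
```yaml
- name: Publish Java
  # … unchanged: shell, if …
  run: ./gradlew clean assemble sign publishMavenJavaPublicationToMavenRepository -PisSnapshot=false -Pversion="$VERSION"
  env:
    VERSION: ${{ inputs.version }}
    ORG_GRADLE_PROJECT_ossrhUsername: ${{ inputs.ossr-username }}
    ORG_GRADLE_PROJECT_ossrhPassword: ${{ inputs.ossr-password }}
    ORG_GRADLE_PROJECT_signingKey: ${{ inputs.signing-key }}
    ORG_GRADLE_PROJECT_signingPassword: ${{ inputs.signing-password }}
# … unchanged: Publish Android step (apply the same substitution) …
```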

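--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -13,8 +13,10 @@ runs:
 steps:
 - name: Set up JDK
 uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # pin@4.8.0
+env:
+JAVA_VERSION : ${{ inputs.java }}
 with:
-java-version: ${{ inputs.java }}
+java-version: ${{ env.JAVA_VERSION }}
 distribution: 'temurin'
 
 - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # pin@1.1.0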
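Review bot: Routing `inputs.java` through `env.JAVA_VERSION` in the Set up JDK step adds no protection, as far as I can tell: the `with:` value of a `uses:` step is handed to the action by the runner rather than interpreted by a shell, so the original `java-version: ${{ inputs.java }}` was not a shell-injection vector, and the same expression is now simply evaluated in the `env:` block instead. The indirection is harmless, but it should not be read as part of the injection fix described in the commit title; either revert it or add a comment such as `# env indirection kept for consistency with the run: steps; not a shell input`. Independently, `JAVA_VERSION : ${{ inputs.java }}` has a space before the colon, which yamllint's `colons` rule flags and which reads as a typo; write it as `JAVA_VERSION: ${{ inputs.java }}`. The enclosing `steps:` list continues outside the hunk.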
