fix(git-id-switcher): replace broken Snyk badge with static shield #657
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Restyled | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: {} | |
| jobs: | |
| restyled: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| # SECURITY: Use SHA (immutable) instead of branch ref (user-controlled) | |
| # to prevent potential injection attacks via malicious branch names. | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Setup branch for commits | |
| env: | |
| # SECURITY: Pass user-controlled data via environment variable | |
| # to prevent shell injection | |
| HEAD_REF: ${{ github.event.pull_request.head.ref }} | |
| run: | | |
| # Validate branch name format (alphanumeric, _, -, /, .) | |
| if [[ ! "$HEAD_REF" =~ ^[a-zA-Z0-9_/.@-]+$ ]]; then | |
| echo "::error::Invalid branch name format" | |
| exit 1 | |
| fi | |
| git checkout -B "$HEAD_REF" | |
| - name: Setup Restyled | |
| uses: restyled-io/actions/setup@da77999fc52ee0d74212e9f0391b1b23150a4547 # v4.4.21 | |
| - name: Run Restyled | |
| uses: restyled-io/actions/run@da77999fc52ee0d74212e9f0391b1b23150a4547 # v4.4.21 | |
| with: | |
| fail-on-differences: false | |
| suggestions: true |