Skip to content

Commit f5a2a7f

Browse files
ActoryOuActoryOu
authored
Merge pull request #121 from ActoryOu/UpdateReleaseYml
Follow Security Guide to update release.yml.
2 parents 0961270 + 5c43a0c commit f5a2a7f

File tree

2 files changed

+28
-11
lines changed

2 files changed

+28
-11
lines changed

.github/.cSpellWords.txt

+1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
BTDM
22
CBMC
33
CBOR
4+
ccbits
45
CMOCK
56
CMock
67
CSDK

.github/workflows/release.yml

+27-11
Original file line numberDiff line numberDiff line change
@@ -24,21 +24,31 @@ jobs:
2424
with:
2525
ref: ${{ github.event.inputs.commit_id }}
2626
- name: Configure git identity
27+
env:
28+
ACTOR: ${{ github.actor }}
2729
run: |
28-
git config --global user.name ${{ github.actor }}
29-
git config --global user.email ${{ github.actor }}@users.noreply.github.com
30+
git config --global user.name "$ACTOR"
31+
git config --global user.email "$ACTOR"@users.noreply.github.com
3032
- name: create a new branch that references commit id
31-
run: git checkout -b ${{ github.event.inputs.version_number }} ${{ github.event.inputs.commit_id }}
33+
env:
34+
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
35+
COMMIT_ID: ${{ github.event.inputs.commit_id }}
36+
run: git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
3237
- name: Tag Commit and Push to remote
38+
env:
39+
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
3340
run: |
34-
git tag ${{ github.event.inputs.version_number }} -a -m "Release ${{ github.event.inputs.version_number }}"
41+
git tag "$VERSION_NUMBER" -a -m "Release $VERSION_NUMBER"
3542
git push origin --tags
3643
- name: Verify tag on remote
44+
env:
45+
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
46+
COMMIT_ID: ${{ github.event.inputs.commit_id }}
3747
run: |
38-
git tag -d ${{ github.event.inputs.version_number }}
48+
git tag -d "$VERSION_NUMBER"
3949
git remote update
40-
git checkout tags/${{ github.event.inputs.version_number }}
41-
git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }}
50+
git checkout tags/"$VERSION_NUMBER"
51+
git diff "$COMMIT_ID" tags/"$VERSION_NUMBER"
4252
create-zip:
4353
needs: tag-commit
4454
name: Create ZIP and verify package for release asset.
@@ -53,23 +63,29 @@ jobs:
5363
path: ${{ github.event.repository.name }}
5464
submodules: recursive
5565
- name: Checkout disabled submodules
66+
env:
67+
REPO_NAME: ${{ github.event.repository.name }}
5668
run: |
57-
cd ${{ github.event.repository.name }}
69+
cd "$REPO_NAME"
5870
git submodule update --init --checkout --recursive
5971
- name: Create ZIP
72+
env:
73+
REPO_NAME: ${{ github.event.repository.name }}
6074
run: |
61-
zip -r ${{ env.repostiory_zip_name }} ${{ github.event.repository.name }} -x "*.git*"
75+
zip -r ${{ env.repostiory_zip_name }} "$REPO_NAME" -x "*.git*"
6276
ls ./
6377
- name: Validate created ZIP
78+
env:
79+
REPO_NAME: ${{ github.event.repository.name }}
6480
run: |
6581
mkdir zip-check
6682
mv ${{ env.repostiory_zip_name }} zip-check
6783
cd zip-check
6884
unzip ${{ env.repostiory_zip_name }} -d ${{ env.repository_compressed_name }}
6985
ls ${{ env.repository_compressed_name }}
70-
diff -r -x "*.git*" ${{ env.repository_compressed_name }}/${{ github.event.repository.name }}/ ../${{ github.event.repository.name }}/
86+
diff -r -x "*.git*" ${{ env.repository_compressed_name }}/"$REPO_NAME"/ ../"$REPO_NAME"/
7187
- name: Create artifact of ZIP
72-
uses: actions/upload-artifact@v2
88+
uses: actions/upload-artifact@v4
7389
with:
7490
name: ${{ env.repostiory_zip_name }}
7591
path: zip-check/${{ env.repostiory_zip_name }}

0 commit comments

Comments
 (0)