
Commit 3ead9a2

Merge pull request #2 from ionos-cloud/fix-vulnerability-in-issue-creation-workflow
Fix vulnerability in issue creation workflow
2 parents da99dc5 + 7ae806a commit 3ead9a2


1 file changed

+37
-51
lines changed


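--- a/.github/workflows/issues.yml
+++ b/.github/workflows/issues.yml
@@ -3,66 +3,52 @@ on:
 issues:
 types: [ opened, reopened ]
 
+env:
+ISSUE_CREATOR: ${{ github.event.issue.user.login }}
+ISSUE_TITLE: ${{ github.event.issue.title }}
+ISSUE_NUMBER: ${{ github.event.issue.number }}
+ISSUE_URL: ${{ github.event.issue.html_url }}
+ISSUE_LABELS: "- ${{ join(github.event.issue.labels.*.name) }}"
+GITHUB_REPO: ${{ github.repository }}
+
 jobs:
 build:
 runs-on: ubuntu-latest
 
 steps:
 - name: Git Issue Details
 run: |
-echo "Issue creator: ${{ github.event.issue.user.login }}"
-echo "Issue title: ${{ github.event.issue.title }}"
-echo "Issue number: ${{ github.event.issue.number }}"
-echo "Issue url: ${{ github.event.issue.html_url }}"
+echo "Issue creator: $ISSUE_CREATOR"
+echo "Issue title: $ISSUE_TITLE"
+echo "Issue number: $ISSUE_NUMBER"
+echo "Issue url: $ISSUE_URL"
 - name: Google Chat Notification
 run: |
-curl --location --request POST '${{ secrets.ISSUE_TRACKER_WEBHOOK }}' \
---header 'Content-Type: application/json' \
---data-raw '{
+payload=$(jq -n \
+--arg title "$ISSUE_TITLE" \
+--arg subtitle "Issue No: #$ISSUE_NUMBER" \
+--arg repo "$GITHUB_REPO" \
+--arg labels "$ISSUE_LABELS" \
+--arg url "$ISSUE_URL" \
+'{
 "cards": [
-{
-"header": {
-"title": "New Issue 🔨",
-"subtitle": "Issue No: #${{ github.event.issue.number }}"
-},
-"sections": [
-{
-"widgets": [
-{
-"keyValue": {
-"topLabel": "Repository",
-"content": "${{ github.repository }}"
-},
-},
-{
-"keyValue": {
-"topLabel": "Title",
-"content": "${{ github.event.issue.title }}"
-}
-},
-{
-"keyValue": {
-"topLabel": "Assigned Labels",
-"content": "- ${{ join(github.event.issue.labels.*.name) }}"
-}
-},
-{
-"buttons": [
-{
-"textButton": {
-"text": "OPEN ISSUE",
-"onClick": {
-"openLink": {
-"url": "${{ github.event.issue.html_url }}"
-}
-}
-}
-}
-]
-}
-]
-}
+{
+"header": { "title": "New Issue 🔨", "subtitle": $subtitle },
+"sections": [
+{
+"widgets": [
+{ "keyValue": { "topLabel": "Repository", "content": $repo } },
+{ "keyValue": { "topLabel": "Title", "content": $title } },
+{ "keyValue": { "topLabel": "Assigned Labels", "content": $labels } },
+{ "buttons": [ { "textButton": { "text": "OPEN ISSUE", "onClick": { "openLink": { "url": $url } } } } ] }
 ]
-}
+}
+]
+}
 ]
-}'
+}')
+
+curl --location --request POST '${{ secrets.ISSUE_TRACKER_WEBHOOK }}' \
+--header 'Content-Type: application/json' \
+--data-raw "$payload"
+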
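Review bot: The webhook secret on new line 51 is still expanded by `${{ secrets.ISSUE_TRACKER_WEBHOOK }}` directly inside the `run:` script, which is the same template-into-shell pattern this commit removes for the issue fields; a quote character in the secret value would end the single-quoted string, and the expanded value lands in the script file the runner generates. Pass it through a step-level `env:` entry such as `WEBHOOK_URL: ${{ secrets.ISSUE_TRACKER_WEBHOOK }}` and call `curl --location --request POST "$WEBHOOK_URL" \` instead. Adding `--fail` to that curl would also make a rejected notification fail the step rather than pass silently. Separately, no `permissions:` key is visible in lines 3–54; if lines 1–2 (outside the hunk) do not set one, a top-level `permissions: {}` would suit a job that never uses the GITHUB_TOKEN.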
