ci: use environment variables in GitHub Actions for improved security (#9433)

Teppei Fukuda
2025-09-05 11:24:31 +04:00
committed by GitHub
parent 2185c7816a
commit 4359fe06a0


@@ -16,7 +16,7 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission --jq '.permission')
PERMISSION=$(gh api /repos/$GITHUB_REPOSITORY/collaborators/$GITHUB_ACTOR/permission --jq '.permission')
if [ "$PERMISSION" == "admin" ] || [ "$PERMISSION" == "write" ]; then
echo "is_maintainer=true" >> $GITHUB_OUTPUT
else
@@ -53,8 +53,9 @@ jobs:
git config --global user.name "GitHub Actions"
- name: Run backport script
run: ./misc/backport/backport.sh ${{ env.BRANCH_NAME }} ${{ github.event.issue.number }}
env:
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
# This allows the created PR to trigger tests and other workflows
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
ISSUE_NUMBER: ${{ github.event.issue.number }}
run: ./misc/backport/backport.sh "$BRANCH_NAME" "$ISSUE_NUMBER"
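Review bot: `BRANCH_NAME` reaches `backport.sh` on the last line of the second hunk without any format check, in a step that has `ORG_REPO_TOKEN` in its environment. The value is not set in the visible lines (the old line read it from `env.BRANCH_NAME`), so if it is derived from the issue comment text it is still caller-controlled. Quoting stops the shell from splitting or re-parsing it, but a value starting with `-` or containing unexpected characters would still be passed to the script, whose handling of its arguments is not visible here. I would validate it before the call, for example `[[ "$BRANCH_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9._/-]*$ ]] || { echo "invalid branch name" >&2; exit 1; }`, with the pattern tightened to the project's release-branch naming. The first hunk would also benefit from quoting the expansions: `gh api "/repos/$GITHUB_REPOSITORY/collaborators/$GITHUB_ACTOR/permission"` and `>> "$GITHUB_OUTPUT"`.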