Fix CI command injection vulnerability

See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
This commit is contained in:
Stypox 2023-04-26 16:01:20 +02:00
parent da30e539df
commit 43b0167a3a
No known key found for this signature in database
GPG key ID: 4BDF1B40A49FDD23

View file

@ -42,7 +42,9 @@ jobs:
- name: create and checkout branch
# push events already checked out the branch
if: github.event_name == 'pull_request'
run: git checkout -B ${{ github.head_ref }}
env:
BRANCH: ${{ github.head_ref }}
run: git checkout -B "$BRANCH"
- name: set up JDK 17
uses: actions/setup-java@v3