fix: github workflow vulnerable to script injection

Signed-off-by: Diogo Teles Sant'Anna <[email protected]>
ggerganov · Aug 12, 2024 · 71a1614 · 71a1614
1 parent b72c20b
commit 71a1614
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml
@@ -129,6 +129,8 @@ jobs:
 
       - name: Server bench
         id: server_bench
+        env:
+            HEAD_REF: ${{ github.head_ref || github.ref_name }}
         run: |
           set -eux
 
@@ -137,7 +139,7 @@ jobs:
           python bench.py \
               --runner-label ${{ env.RUNNER_LABEL }} \
               --name ${{ github.job }} \
-              --branch ${{ github.head_ref || github.ref_name }} \
+              --branch $HEAD_REF \
               --commit ${{ github.event.inputs.sha || github.event.pull_request.head.sha || github.sha }} \
               --scenario script.js \
               --duration ${{ github.event.inputs.duration || env.DURATION }} \