
Commit 260c1c6

Follow Security Guide to update release.yml (#181)
* Update release.yml as per security guidelines * Fix formatting
1 parent b11d519 commit 260c1c6


1 file changed

+35
-17
lines changed

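--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,33 +20,43 @@ jobs:
 with:
 ref: ${{ github.event.inputs.commit_id }}
 - name: Configure git identity
+env:
+ACTOR: ${{ github.actor }}
 run: |
-git config --global user.name ${{ github.actor }}
-git config --global user.email ${{ github.actor }}@users.noreply.github.com
+git config --global user.name "$ACTOR"
+git config --global user.email "$ACTOR"@users.noreply.github.com
 - name: create a new branch that references commit id
-run:
-git checkout -b ${{ github.event.inputs.version_number }} ${{
-github.event.inputs.commit_id }}
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
+COMMIT_ID: ${{ github.event.inputs.commit_id }}
+run: git checkout -b "$VERSION_NUMBER" "$COMMIT_ID"
 - name: Generate SBOM
 uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
 with:
 repo_path: ./
 source_path: ./source
 - name: commit SBOM file
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
 git add .
 git commit -m 'Update SBOM'
-git push -u origin ${{ github.event.inputs.version_number }}
+git push -u origin "$VERSION_NUMBER"
 - name: Tag Commit and Push to remote
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
-git tag ${{ github.event.inputs.version_number }} -a -m "FreeRTOS-Cellular-Interface Library ${{ github.event.inputs.version_number }}"
+git tag "$VERSION_NUMBER" -a -m "FreeRTOS-Cellular-Interface Library $VERSION_NUMBER"
 git push origin --tags
 - name: Verify tag on remote
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
+COMMIT_ID: ${{ github.event.inputs.commit_id }}
 run: |
-git tag -d ${{ github.event.inputs.version_number }}
+git tag -d "$VERSION_NUMBER"
 git remote update
-git checkout tags/${{ github.event.inputs.version_number }}
-git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }}
+git checkout tags/"$VERSION_NUMBER"
+git diff "$COMMIT_ID" tags/"$VERSION_NUMBER"
 create-zip:
 needs: tag-commit
 name: Create ZIP and verify package for release asset.
@@ -65,21 +75,27 @@ jobs:
 cd FreeRTOS-Cellular-Interface
 git submodule update --init --checkout --recursive
 - name: Create ZIP
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
-zip -r FreeRTOS-Cellular-Interface-${{ github.event.inputs.version_number }}.zip FreeRTOS-Cellular-Interface -x "*.git*"
+zip -r FreeRTOS-Cellular-Interface-"$VERSION_NUMBER".zip FreeRTOS-Cellular-Interface -x "*.git*"
 ls ./
 - name: Validate created ZIP
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
 mkdir zip-check
-mv FreeRTOS-Cellular-Interface-${{ github.event.inputs.version_number }}.zip zip-check
+mv FreeRTOS-Cellular-Interface-"$VERSION_NUMBER".zip zip-check
 cd zip-check
-unzip FreeRTOS-Cellular-Interface-${{ github.event.inputs.version_number }}.zip -d FreeRTOS-Cellular-Interface-${{ github.event.inputs.version_number }}
-ls FreeRTOS-Cellular-Interface-${{ github.event.inputs.version_number }}
-diff -r -x "*.git*" FreeRTOS-Cellular-Interface-${{ github.event.inputs.version_number }}/FreeRTOS-Cellular-Interface/ ../FreeRTOS-Cellular-Interface/
+unzip FreeRTOS-Cellular-Interface-"$VERSION_NUMBER".zip -d FreeRTOS-Cellular-Interface-"$VERSION_NUMBER"
+ls FreeRTOS-Cellular-Interface-"$VERSION_NUMBER"
+diff -r -x "*.git*" FreeRTOS-Cellular-Interface-"$VERSION_NUMBER"/FreeRTOS-Cellular-Interface/ ../FreeRTOS-Cellular-Interface/
 cd ../
 - name: Build
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
-cd zip-check/FreeRTOS-Cellular-Interface-${{ github.event.inputs.version_number }}/FreeRTOS-Cellular-Interface
+cd zip-check/FreeRTOS-Cellular-Interface-"$VERSION_NUMBER"/FreeRTOS-Cellular-Interface
 sudo apt-get install -y lcov
 cmake -S test -B build/ \
 -G "Unix Makefiles" \
@@ -88,8 +104,10 @@ jobs:
 -DCMAKE_C_FLAGS='--coverage -Wall -Wextra -DNDEBUG'
 make -C build/ all
 - name: Test
+env:
+VERSION_NUMBER: ${{ github.event.inputs.version_number }}
 run: |
-cd zip-check/FreeRTOS-Cellular-Interface-${{ github.event.inputs.version_number }}/FreeRTOS-Cellular-Interface/build/
+cd zip-check/FreeRTOS-Cellular-Interface-"$VERSION_NUMBER"/FreeRTOS-Cellular-Interface/build/
 ctest -E system --output-on-failure
 cd ..
 - name: Create artifact of ZIP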
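Review bot: `VERSION_NUMBER` and `COMMIT_ID` still reach `git checkout -b`, `git tag`, `git push` and the zip/unzip paths without any format check, so the `env:` indirection removes the template injection into the script text, but a value that starts with `-` or contains `/` is still interpreted by those commands as an option or a different path. A validation step at the top of each job would close that, for example `[[ "$VERSION_NUMBER" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1` and `[[ "$COMMIT_ID" =~ ^[0-9a-f]{7,40}$ ]] || exit 1`, with the patterns adjusted to the project's actual tag scheme. The job headers lie outside the shown hunks, so such a check may already exist there. Separately, the unchanged line `uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main` follows a mutable branch in a job that pushes tags; pinning it to a full commit SHA would keep the release job from picking up unreviewed changes to that action.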
