Skip to content

Commit

Permalink
feat: add npm version to release pipeline [INS-3853]
Browse files Browse the repository at this point in the history
  • Loading branch information
@filfreire
filfreire committed May 17, 2024
1 parent cfb34a7 commit 16c58c1
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,19 @@ jobs:
with:
username: ${{ (github.event_name == 'workflow_dispatch' && github.actor) || 'insomnia-infra' }}

- name: Create new package version
run: npm version "${{ github.event.inputs.version }}"

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: yaml.github-actions.security.run-shell-injection.run-shell-injection Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".

- name: Git Commit
run: git commit -am "Bump version to ${{ github.event.inputs.version }}"

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: yaml.github-actions.security.run-shell-injection.run-shell-injection Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".

- name: Tag the Repository
run: |
git tag ${{ env.TAG }}
git push origin ${{ env.TAG }}
remote_repo="https://${GITHUB_ACTOR}:${RELEASE_GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
git push "${remote_repo}" --follow-tags
env:
RELEASE_GH_TOKEN: ${{ secrets.PAT_INSOMNIA_INFRA }}

- name: Create Tag and Release
uses: ncipollo/release-action@v1
Expand Down

0 comments on commit 16c58c1

Please sign in to comment.