From 13cf912e55f42b61da121f7ef42ad585bb179183 Mon Sep 17 00:00:00 2001 From: Zhiwei Liang Date: Tue, 14 Jul 2026 17:14:46 -0400 Subject: [PATCH] fix: prevent GitHub Actions script injection --- .github/workflows/integration-tests-pr.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration-tests-pr.yml b/.github/workflows/integration-tests-pr.yml index 4332b57a..4b43473a 100644 --- a/.github/workflows/integration-tests-pr.yml +++ b/.github/workflows/integration-tests-pr.yml @@ -62,11 +62,12 @@ jobs: - name: replace existing keys run: rm -rf ~/.ansible/test && mkdir -p ~/.ansible/test && ssh-keygen -m PEM -q -t rsa -N '' -f ~/.ansible/test/id_rsa - - run: make deps && make TEST_SUITE="${{ inputs.test_suite }}" test-int + - run: make deps && make TEST_SUITE="$TEST_SUITE" test-int if: ${{ steps.disallowed-char-check.outputs.match == '' }} env: LINODE_API_TOKEN: ${{ secrets.DX_LINODE_TOKEN }} RUN_ACLP_LOGS_STREAM_TESTS: ${{ inputs.run_aclp_logs_stream_tests || 'false' }} + TEST_SUITE: ${{ inputs.test_suite }} - name: Get the hash value of the latest commit from the PR branch uses: octokit/graphql-action@v2.x