Merged
4 changes: 1 addition & 3 deletions config-gradle/action.yml
Expand Up @@ -50,14 +50,12 @@
- name: Set local action paths
id: set-path
shell: bash
env:
HOST_ACTIONS_ROOT: ${{ inputs.host-actions-root }}
run: |
echo "::group::Fix for using local actions"
echo "GITHUB_ACTION_PATH=$GITHUB_ACTION_PATH"
echo "github.action_path=${{ github.action_path }}"
ACTION_PATH_CONFIG_GRADLE="${{ github.action_path }}"
host_actions_root="${HOST_ACTIONS_ROOT}"
host_actions_root="${{ inputs.host-actions-root }}"

Check failure on line 58 in config-gradle/action.yml

SonarQubeCloud / SonarCloud Code Analysis

inputs.host-actions-root is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this action to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.

See more on https://sonarcloud.io/project/issues?id=SonarSource_ci-github-actions&issues=AZ0mIN1JgoHiKX6ZH4wW&open=AZ0mIN1JgoHiKX6ZH4wW&pullRequest=237
if [[ -z "$host_actions_root" ]]; then
host_actions_root="$(dirname "$ACTION_PATH_CONFIG_GRADLE")"
else
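Review bot: On new line 58, `host_actions_root="${{ inputs.host-actions-root }}"` puts the input into the script text before bash parses it, so a value containing quotes or a command substitution is executed instead of assigned; this is the SonarCloud check failure reported on that line. Keep the removed `env:` entry `HOST_ACTIONS_ROOT: ${{ inputs.host-actions-root }}` and the assignment `host_actions_root="${HOST_ACTIONS_ROOT}"`, which hand the value to the shell as data. If the direct form is required for the local-actions fix, say why in a comment beside the line, since nothing in the hunk explains the change.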
4 changes: 1 addition & 3 deletions config-maven/action.yml
Expand Up @@ -51,14 +51,12 @@
- name: Set local action paths
id: set-path
shell: bash
env:
HOST_ACTIONS_ROOT: ${{ inputs.host-actions-root }}
run: |
echo "::group::Fix for using local actions"
echo "GITHUB_ACTION_PATH=$GITHUB_ACTION_PATH"
echo "github.action_path=${{ github.action_path }}"
ACTION_PATH_CONFIG_MAVEN="${{ github.action_path }}"
host_actions_root="${HOST_ACTIONS_ROOT}"
host_actions_root="${{ inputs.host-actions-root }}"

Check failure on line 59 in config-maven/action.yml

SonarQubeCloud / SonarCloud Code Analysis

inputs.host-actions-root is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this action to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.

See more on https://sonarcloud.io/project/issues?id=SonarSource_ci-github-actions&issues=AZ0mIN00goHiKX6ZH4wU&open=AZ0mIN00goHiKX6ZH4wU&pullRequest=237
if [[ -z "$host_actions_root" ]]; then
host_actions_root="$(dirname "$ACTION_PATH_CONFIG_MAVEN")"
else
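Review bot: The `[[ -z "$host_actions_root" ]]` test that follows new line 59 gives no protection for the interpolated input, because `${{ inputs.host-actions-root }}` is substituted into the `run:` script before any of it executes. The step needs the dropped `env:` block with `HOST_ACTIONS_ROOT` and the `"${HOST_ACTIONS_ROOT}"` read restored so the check operates on a shell variable rather than on text that has already been parsed as script.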
3 changes: 1 addition & 2 deletions config-npm/action.yml
Expand Up @@ -53,13 +53,12 @@
ARTIFACTORY_READER_ROLE: ${{ inputs.artifactory-reader-role != '' && inputs.artifactory-reader-role ||
(github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }}
CACHE_NPM: ${{ inputs.cache-npm }}
HOST_ACTIONS_ROOT: ${{ inputs.host-actions-root }}
run: |
echo "::group::Fix for using local actions"
echo "GITHUB_ACTION_PATH=$GITHUB_ACTION_PATH"
echo "github.action_path=${{ github.action_path }}"
ACTION_PATH_CONFIG_NPM="${{ github.action_path }}"
host_actions_root="${HOST_ACTIONS_ROOT}"
host_actions_root="${{ inputs.host-actions-root }}"

Check failure on line 61 in config-npm/action.yml

SonarQubeCloud / SonarCloud Code Analysis

inputs.host-actions-root is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this action to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.

See more on https://sonarcloud.io/project/issues?id=SonarSource_ci-github-actions&issues=AZ0mINxjgoHiKX6ZH4wT&open=AZ0mINxjgoHiKX6ZH4wT&pullRequest=237
if [[ -z "$host_actions_root" ]]; then
host_actions_root="$(dirname "$ACTION_PATH_CONFIG_NPM")"
else
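Review bot: The `env:` block in this step is kept and still carries `ARTIFACTORY_READER_ROLE` and `CACHE_NPM`, so dropping only `HOST_ACTIONS_ROOT` leaves `host-actions-root` as the one input interpolated straight into the script, and new line 61 fails the script-injection check. Put `HOST_ACTIONS_ROOT: ${{ inputs.host-actions-root }}` back after `CACHE_NPM` and assign with `host_actions_root="${HOST_ACTIONS_ROOT}"`.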
4 changes: 1 addition & 3 deletions config-pip/action.yml
Expand Up @@ -37,14 +37,12 @@
- name: Set local action paths
id: set-path
shell: bash
env:
HOST_ACTIONS_ROOT: ${{ inputs.host-actions-root }}
run: |
echo "::group::Fix for using local actions"
echo "GITHUB_ACTION_PATH=$GITHUB_ACTION_PATH"
echo "github.action_path=${{ github.action_path }}"
ACTION_PATH_CONFIG_PIP="${{ github.action_path }}"
host_actions_root="${HOST_ACTIONS_ROOT}"
host_actions_root="${{ inputs.host-actions-root }}"

Check failure on line 45 in config-pip/action.yml

SonarQubeCloud / SonarCloud Code Analysis

inputs.host-actions-root is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this action to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.

See more on https://sonarcloud.io/project/issues?id=SonarSource_ci-github-actions&issues=AZ0mIN0_goHiKX6ZH4wV&open=AZ0mIN0_goHiKX6ZH4wV&pullRequest=237
if [[ -z "$host_actions_root" ]]; then
host_actions_root="$(dirname "$ACTION_PATH_CONFIG_PIP")"
else
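Review bot: The double quotes on new line 45 are part of the template, not a safeguard: in `host_actions_root="${{ inputs.host-actions-root }}"` a value that itself contains a double quote closes them and the rest is parsed as shell. Quoting only protects a real variable expansion, which is what the removed `host_actions_root="${HOST_ACTIONS_ROOT}"` with its `env:` mapping provided, so that pair should stay.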
4 changes: 1 addition & 3 deletions get-build-number/action.yml
Expand Up @@ -16,14 +16,12 @@
- name: Set local action paths
id: set-path
shell: bash
env:
HOST_ACTIONS_ROOT: ${{ inputs.host-actions-root }}
run: |
echo "::group::Fix for using local actions"
echo "GITHUB_ACTION_PATH=$GITHUB_ACTION_PATH"
echo "github.action_path=${{ github.action_path }}"
ACTION_PATH_GET_BUILD_NUMBER="${{ github.action_path }}"
host_actions_root="${HOST_ACTIONS_ROOT}"
host_actions_root="${{ inputs.host-actions-root }}"

Check failure on line 24 in get-build-number/action.yml

SonarQubeCloud / SonarCloud Code Analysis

inputs.host-actions-root is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this action to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.

See more on https://sonarcloud.io/project/issues?id=SonarSource_ci-github-actions&issues=AZ0mIN1cgoHiKX6ZH4wX&open=AZ0mIN1cgoHiKX6ZH4wX&pullRequest=237
if [[ -z "$host_actions_root" ]]; then
host_actions_root="$(dirname "$ACTION_PATH_GET_BUILD_NUMBER")"
else
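Review bot: New line 24 is the fifth copy in this change of the same edit to the "Set local action paths" step, and each copy carries its own failing SonarCloud annotation for `inputs.host-actions-root`. Restore the `env:` / `"${HOST_ACTIONS_ROOT}"` form here as in the other four files, and since the step text is identical apart from the `ACTION_PATH_*` variable name, consider moving it into one shared script so the input handling only has to be reviewed in a single place.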