fix(ci): checkout pr code instead of base branch in claude review #334
actionlint.yml
on: pull_request
Lint GitHub Actions workflows
19s
Annotations
1 error
Lint GitHub Actions workflows:
.github/workflows/claude-code-review.yml#L36
[actionlint] reported by reviewdog 🐶
"github.event.pull_request.head.ref" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details [expression]
Raw Output:
e:.github/workflows/claude-code-review.yml:36:144: "github.event.pull_request.head.ref" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details [expression]