Skip to content

Secure setup action config #2709

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dnkolegov-ar wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Secure setup action config #2709

dnkolegov-ar wants to merge 3 commits into from

Conversation

@dnkolegov-ar
Copy link
Collaborator

@dnkolegov-ar dnkolegov-ar commented Jan 6, 2026

This PR hardens the GitHub action config.

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jan 6, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs		 commonware-mcp 4c1fdde Jan 08 2026, 05:20 PM

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jan 8, 2026
edited
Loading

Deploying monorepo with  Cloudflare Pages  Cloudflare Pages

Latest commit: 4c1fdde
Status: ✅  Deploy successful!
Preview URL: https://809cf85c.monorepo-eu0.pages.dev
Branch Preview URL: https://denis-secure-setup-action.monorepo-eu0.pages.dev

View logs

cursor[bot]
cursor bot reviewed Jan 8, 2026
View reviewed changes
.github/workflows/docker.yml Outdated
export TARGET="${GIT_REF_NAME%/*}"
fi
echo "Target: $TARGET"
echo "Target: "${INPUT_TARGET}"
Copy link

@cursor cursor bot Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unclosed quote causes bash syntax error in workflow

High Severity

The line echo "Target: "${INPUT_TARGET}" has malformed quoting - the string "Target: " is closed, then ${INPUT_TARGET} is unquoted, and a trailing " opens a new quote that's never closed. This causes a bash syntax error that will fail the workflow. Additionally, the original code printed $TARGET (the potentially-modified value) but this prints ${INPUT_TARGET} (the raw input), which changes the debugging output behavior.

Fix in Cursor Fix in Web

@codecov
Copy link

codecov bot commented Jan 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.20%. Comparing base (ff8fefb) to head (4c1fdde).
⚠️ Report is 20 commits behind head on main.

@@            Coverage Diff             @@
##             main    #2709      +/-   ##
==========================================
+ Coverage   92.82%   93.20%   +0.37%     
==========================================
  Files         361      372      +11     
  Lines      106797   113359    +6562     
==========================================
+ Hits        99134   105655    +6521     
- Misses       7663     7704      +41

see 152 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ff8fefb...4c1fdde. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@clabby clabby Awaiting requested review from clabby

@patrick-ogrady patrick-ogrady Awaiting requested review from patrick-ogrady

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dnkolegov-ar