From bc9ad6d6ed3e98bf2cb7dce790dac62c5b1e3c4b Mon Sep 17 00:00:00 2001 From: Wenxin Zhang Date: Fri, 29 Nov 2024 10:27:39 +0800 Subject: [PATCH 1/3] add dangerous cmd check Signed-off-by: Wenxin Zhang --- .github/test_only.sh | 8 ++++++++ .github/workflows/code_scan.yml | 5 +++++ .github/workflows/model_test_hpu.yml | 7 +++++++ 3 files changed, 20 insertions(+) create mode 100644 .github/test_only.sh diff --git a/.github/test_only.sh b/.github/test_only.sh new file mode 100644 index 00000000..8dd76422 --- /dev/null +++ b/.github/test_only.sh @@ -0,0 +1,8 @@ +#This is for test only +docker images +docker stop $(docker ps -a -q) # this is the dangerous cmd +docker stop # this is harmless +docker ps -a # this is harmless +docker ps -q # this is harmless +sudo rm -fr # this is the dangerous cmd +rm -fr # this is harmless \ No newline at end of file diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml index 2b1ee094..6309fc0c 100644 --- a/.github/workflows/code_scan.yml +++ b/.github/workflows/code_scan.yml @@ -34,6 +34,11 @@ jobs: steps: - name: Checkout out Repo uses: actions/checkout@v4 + + - name: Check Dangerous Command Injection + uses: opea-project/validation/actions/check-cmd@main + with: + work_dir: ${{ github.workspace }} - name: Docker Build run: | diff --git a/.github/workflows/model_test_hpu.yml b/.github/workflows/model_test_hpu.yml index dbb0bb3b..ca09ceda 100644 --- a/.github/workflows/model_test_hpu.yml +++ b/.github/workflows/model_test_hpu.yml @@ -50,6 +50,13 @@ jobs: with: submodules: "recursive" fetch-tags: true + + - name: Check Dangerous Command Injection + if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' + uses: opea-project/validation/actions/check-cmd@main + with: + work_dir: ${{ github.workspace }} + # We need this because GitHub needs to clone the branch to pipeline - name: Docker Build run: | From bb45d2345e2aa4c98d223b7707bee7c5cd3936ee Mon Sep 17 00:00:00 2001 
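Review bot: The step added to code_scan.yml references `opea-project/validation/actions/check-cmd@main`, a mutable branch, so whatever lands on that branch runs in this job with the job's token and workspace on the next trigger. The same reference is added in the model_test_hpu.yml hunk of this patch. Pinning both to a full commit SHA, for example `uses: opea-project/validation/actions/check-cmd@<full-commit-sha> # main as of <date>`, makes the gate reproducible and reviewable. This copy also runs on every event while the model_test_hpu.yml copy is limited to pull-request events; if that difference is intended, a one-line comment above the step saying so would help. The rest of the job lies outside the hunk.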
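Review bot: The `if:` on the step added to model_test_hpu.yml includes `pull_request_target`, which suggests this workflow can build pull-request code in the base repository's context, and a command-pattern scan is not a sufficient gate for that case. The fixture added in .github/test_only.sh in this same patch labels `rm -fr` without `sudo` as harmless, so the check appears to match a short list of patterns; the Docker Build step that follows still executes whatever the PR contains. I would treat the scan as a lint and rely on the trigger and permissions for isolation: confirm, outside this hunk, that the job declares a minimal `permissions:` block, that no secrets reach the build, and that `pull_request_target` runs need maintainer approval. A comment above the step such as `# Advisory scan only; isolation comes from permissions and trigger settings` would keep later readers from over-trusting it.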
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 29 Nov 2024 02:28:12 +0000 Subject: [PATCH 2/3] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- .github/test_only.sh | 5 ++++- .github/workflows/code_scan.yml | 2 +- .github/workflows/model_test_hpu.yml | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/test_only.sh b/.github/test_only.sh index 8dd76422..bccb7196 100644 --- a/.github/test_only.sh +++ b/.github/test_only.sh @@ -1,3 +1,6 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + #This is for test only docker images docker stop $(docker ps -a -q) # this is the dangerous cmd @@ -5,4 +8,4 @@ docker stop # this is harmless docker ps -a # this is harmless docker ps -q # this is harmless sudo rm -fr # this is the dangerous cmd -rm -fr # this is harmless \ No newline at end of file +rm -fr # this is harmless diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml index 6309fc0c..8fb360f7 100644 --- a/.github/workflows/code_scan.yml +++ b/.github/workflows/code_scan.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Checkout out Repo uses: actions/checkout@v4 - + - name: Check Dangerous Command Injection uses: opea-project/validation/actions/check-cmd@main with: diff --git a/.github/workflows/model_test_hpu.yml b/.github/workflows/model_test_hpu.yml index ca09ceda..3bea0b81 100644 --- a/.github/workflows/model_test_hpu.yml +++ b/.github/workflows/model_test_hpu.yml @@ -50,13 +50,13 @@ jobs: with: submodules: "recursive" fetch-tags: true - + - name: Check Dangerous Command Injection if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' uses: opea-project/validation/actions/check-cmd@main with: work_dir: ${{ github.workspace }} - + # We need this because GitHub needs to clone the branch to pipeline - name: Docker Build run: | 
From dce031b717c5e340cb051ab188755644b9db73eb Mon Sep 17 00:00:00 2001
From: Wenxin Zhang
Date: Fri, 29 Nov 2024 14:45:46 +0800
Subject: [PATCH 3/3] clean test code
Signed-off-by: Wenxin Zhang
---
.github/test_only.sh | 8 --------
1 file changed, 8 deletions(-)
delete mode 100644 .github/test_only.sh
diff --git a/.github/test_only.sh b/.github/test_only.sh
deleted file mode 100644
index 8dd76422..00000000
--- a/.github/test_only.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#This is for test only
-docker images
-docker stop $(docker ps -a -q) # this is the dangerous cmd
-docker stop # this is harmless
-docker ps -a # this is harmless
-docker ps -q # this is harmless
-sudo rm -fr # this is the dangerous cmd
-rm -fr # this is harmless
\ No newline at end of file