mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-04-20 00:20:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
253fa9519f49c7d0b2fc9360538088cbb32bcb95
scylladb/.github/workflows
History
Yaron Kaikov 7f236baf61 .github/workflows/trigger-scylla-ci: fix heredoc injection in trigger-scylla-ci workflow 
Move all ${{ }} expression interpolations into env: blocks so they are
passed as environment variables instead of being expanded directly into
shell scripts. This prevents an attacker from escaping the heredoc in
the Validate Comment Trigger step and executing arbitrary commands on
the runner.

The Verify Org Membership step is hardened in the same way for
defense-in-depth.

Refs: GHSA-9pmq-v59g-8fxp
Fixes: SCYLLADB-954

Closes scylladb/scylladb#28935

(cherry picked from commit 977bdd6260)

Closes scylladb/scylladb#28946
2026-03-20 10:32:06 +02:00
..
add-label-when-promoted.yaml
Fix label parsing logic in backport check script
2025-09-08 11:42:16 +03:00
backport-pr-fixes-validation.yaml
.github/workflows/backport-pr-fixes-validation: support Atlassian URL format in backport PR fixes validation
2026-01-27 16:05:06 +02:00
build-scylla.yaml
github: use needs.read-toolchain.outputs.image for build-scylla
2024-09-05 12:58:36 +03:00
call_backport_with_jira.yaml
.github/workflows: enable automatic backport PR creation with Jira sub-issue integration
2026-02-26 09:29:19 +02:00
call_jira_sync.yml
consolidating jira automation to one workflow file
2026-01-05 07:09:03 +02:00
call_sync_milestone_to_jira.yml
github: synching scylladb.git new milestones with Jira releases
2025-12-17 10:05:06 +01:00
call_validate_pr_author_email.yml
.github/workflows: Add email validator workflow
2025-12-23 15:53:06 +02:00
check-license-header.yaml
.github: grant write permissions for PR comments in license check workflow
2025-02-07 16:09:42 +08:00
clang-nightly.yaml
github: use clang-21 in clang-nightly workflow
2025-02-05 14:58:35 +03:00
clang-tidy.yaml
github: Skip clang-tidy when not explicitly requested
2025-02-27 13:28:35 +03:00
codespell.yaml
codespell: ignore iif and tread
2025-12-29 13:53:56 +01:00
conflict_reminder.yaml
./github/workflows/conflict_reminder: improve workflow with weekly notifications
2025-07-22 15:21:12 +03:00
differential-shellcheck.yaml
.github: Add differential-shellcheck workflow for shell script analysis
2024-12-04 13:34:53 +02:00
docs-pages.yaml
Potential fix for code scanning alert no. 144: Workflow does not contain permissions
2026-01-12 12:21:35 +02:00
docs-pr.yaml
.github/workflows/docs-pr.yaml: add workflow permissions
2026-01-13 10:15:45 +02:00
docs-validate-metrics.yml
.github/workflows/docs-validate-metrics.yml: add workflow permissions
2026-01-13 10:16:35 +02:00
iwyu.yaml
github: improve seastar bad include check
2025-03-30 11:56:18 +03:00
make-pr-ready-for-review.yaml
.github: Make "make-pr-ready-for-review" workflow run in base repo
2025-04-08 09:30:18 +03:00
pr-require-backport-label.yaml
.github: add delay before checking for required PR labels
2025-04-02 19:28:15 +03:00
read-toolchain.yaml
.github/workflows/read-toolchain.yaml: hardening for code scanning alert no. 146: Workflow does not contain permissions #27807
2026-01-13 08:57:53 +02:00
reproducible-build.yaml
github: disable scheduled workflow on forks
2024-07-15 19:19:28 +08:00
seastar.yaml
.github: use the toolchain specified by tools/toolchain/image
2025-01-14 07:56:38 -05:00
sync-labels.yaml
github: Enhance label sync to support P0/P1 priority labels
2025-08-22 06:50:13 +03:00
trigger_ci.yaml
Trigger scylla-ci directly from PR instead of scylla-ci-route job
2025-11-10 15:10:11 +02:00
trigger_jenkins.yaml
.github: Update github action for triggering next gating
2025-03-10 14:38:08 +02:00
trigger-scylla-ci.yaml
.github/workflows/trigger-scylla-ci: fix heredoc injection in trigger-scylla-ci workflow
2026-03-20 10:32:06 +02:00
urgent_issue_reminder.yml
Update urgent_issue_reminder.yml - run daily
2025-09-25 11:05:51 +03:00