github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-17 06:48:51 +00:00
Code Issues Projects Releases Wiki Activity

workflow: Remove code injection in helm login

Browse Source 
In theory `github.actor` could be used for code
injection, so swap it out.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
2025-05-29 14:00:17 +01:00
parent 6722ea2fd9
commit 776c89453c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/release.yaml vendored
View File

@@ -253,7 +253,7 @@ jobs:
- name: Login to the OCI registries
run: |
echo "${{ secrets.QUAY_DEPLOYER_PASSWORD }}" | helm registry login quay.io --username "${{ vars.QUAY_DEPLOYER_USERNAME }}" --password-stdin
echo "${{ github.token }}" | helm registry login ghcr.io --username "${{ github.actor }}" --password-stdin
echo "${{ github.token }}" | helm registry login ghcr.io --username $ --password-stdin
- name: Push helm chart to the OCI registries
run: |