From e22a9332e3e277e565783ef977c08804a56de241 Mon Sep 17 00:00:00 2001 From: Jacob Walls Date: Fri, 14 Nov 2025 13:39:01 -0500 Subject: [6.0.x] Applied auto-fixes from zizmor findings. Backport of e8958c4690faef27b6715524ecb5c49c3ecb6a09 from main. --- .github/workflows/check_commit_messages.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to '.github/workflows/check_commit_messages.yml') diff --git a/.github/workflows/check_commit_messages.yml b/.github/workflows/check_commit_messages.yml index 1a6d6d1958..e8a7059b0d 100644 --- a/.github/workflows/check_commit_messages.yml +++ b/.github/workflows/check_commit_messages.yml @@ -14,11 +14,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 + with: + persist-credentials: false - name: Calculate commit prefix id: vars + env: + GITHUB_EVENT_PULL_REQUEST_BASE_REF: ${{ github.event.pull_request.base.ref }} run: | - BASE="${{ github.event.pull_request.base.ref }}" + BASE="${GITHUB_EVENT_PULL_REQUEST_BASE_REF}" echo "BASE=$BASE" >> $GITHUB_ENV VERSION="${BASE#stable/}" echo "prefix=[$VERSION]" >> $GITHUB_OUTPUT @@ -26,8 +30,9 @@ jobs: - name: Check PR title prefix env: TITLE: ${{ github.event.pull_request.title }} + STEPS_VARS_OUTPUTS_PREFIX: ${{ steps.vars.outputs.prefix }} run: | - PREFIX="${{ steps.vars.outputs.prefix }}" + PREFIX="${STEPS_VARS_OUTPUTS_PREFIX}" if [[ "$TITLE" != "$PREFIX"* ]]; then echo "❌ PR title must start with the required prefix: $PREFIX" exit 1 @@ -40,8 +45,10 @@ jobs: git fetch origin pull/${{ github.event.pull_request.number }}/head:pr - name: Check commit messages prefix + env: + STEPS_VARS_OUTPUTS_PREFIX: ${{ steps.vars.outputs.prefix }} run: | - PREFIX="${{ steps.vars.outputs.prefix }}" + PREFIX="${STEPS_VARS_OUTPUTS_PREFIX}" COMMITS=$(git rev-list base..pr) echo "Checking commit messages for required prefix: $PREFIX" FAIL=0 -- cgit v1.3