Secure reference to ref_name.

2026-04-15 13:44:31 -07:00 · 2026-04-15 13:44:31 -07:00 · d77dab957b
commit d77dab957b
parent 5b515d5e06
1 changed files with 5 additions and 2 deletions
--- a/.github/workflows/push-lambda.yml
+++ b/.github/workflows/push-lambda.yml
@ -4,6 +4,9 @@ on:
  release:
    types: [published]

+env:
+  REF_NAME: ${{ github.ref_name }}
+
 jobs:
  build-and-push:
    runs-on: ubuntu-latest
@ -35,8 +38,8 @@ jobs:

      - name: Build and lambda jar
        working-directory: filter-cds-updates
-        run: ../mvnw -e -B verify -Djgitver.use-version=${{ github.ref_name }}
+        run: ../mvnw -e -B verify -Djgitver.use-version="${REF_NAME}"

      - name: Upload artifact to S3
        working-directory: filter-cds-updates
-        run: aws s3 cp target/filter-cds-updates-lambda-${{ github.ref_name }}.jar s3://${{ vars.S3_BUCKET }}/${{ vars.S3_BUCKET_KEY }}/
+        run: aws s3 cp "target/filter-cds-updates-lambda-${REF_NAME}.jar" s3://${{ vars.S3_BUCKET }}/${{ vars.S3_BUCKET_KEY }}/