fix: action ci script security (Tencent#2588)

KMethod · Aug 25, 2023 · bb5a9fe · bb5a9fe
1 parent 00b2f77
commit bb5a9fe
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
@@ -54,10 +54,11 @@ jobs:
         with:
           ref: ${{ steps.comment.outputs.branch }}
       - name: Commit and push if needed
+        env:
+          BODY: ${{ github.event.comment.body }}
         run: |
           txt=$(cat CHANGELOG.md)
-          body='${{ github.event.comment.body }}'
-          echo "${txt%%##*}${body}${txt##*---}" > CHANGELOG.md
+          echo "${txt%%##*} $BODY ${txt##*---}" > CHANGELOG.md
           git add .
           git config --local user.email "github-actions[bot]@users.noreply.github.com"
           git config --local user.name "github-actions[bot]"