by whopdrizzard
104 days ago
zizmor (https://github.com/zizmorcore/zizmor) and actionlint (runs shellcheck on run: | blocks) provide some bandaid. zizmor detects quite a few typical injection patterns like branch names and shellcheck enforces quoting rules in the shell snippets.
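The pattern the comment above refers to, as a constructed workflow with the weak step beside a corrected one. This is an added example, not part of the original comment or of either project; the workflow, job and step names and the `BRANCH` variable are hypothetical.

```yaml
# Constructed workflow for illustration only.
name: pr-check
on: pull_request

permissions:
  contents: read

jobs:
  weak:
    runs-on: ubuntu-latest
    steps:
      # Weak: the ${{ }} expression is substituted into the script text
      # before the shell starts, so the branch name is parsed as shell
      # source. This is the template-injection pattern zizmor reports.
      - name: Report branch (expression expanded inside run)
        run: |
          echo "Building ${{ github.head_ref }}"

  corrected:
    runs-on: ubuntu-latest
    steps:
      # Corrected: the value is passed through an environment variable, so
      # the shell receives it as data. The expansion is double-quoted so it
      # is not word-split or globbed; an unquoted $BRANCH here is the kind
      # of thing shellcheck (run by actionlint) warns about.
      - name: Report branch (env indirection, quoted)
        env:
          BRANCH: ${{ github.head_ref }}
        run: |
          printf 'Building %s\n' "$BRANCH"
```

Quoting alone does not fix the weak step, because the substitution happens before the shell parses the script; the environment-variable indirection is what keeps the value out of the script text.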