From 47746add1e7d53352ddf9750424c0632714cd9f1 Mon Sep 17 00:00:00 2001
From: Simon Lecoq <22963968+lowlighter@users.noreply.github.com>
Date: Thu, 14 Sep 2023 05:06:30 +0200
Subject: [PATCH] fix(ci): potential security vulnerabilities
---
.github/workflows/ci.yml | 8 ++++++--
.github/workflows/test.yml | 8 ++++++--
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 321efc02..5428dd71 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -184,9 +184,13 @@ jobs:
- name: Pull docker image (master)
run: docker pull ghcr.io/lowlighter/metrics:master
- name: Tag docker image (release)
- run: docker tag ghcr.io/lowlighter/metrics:master ghcr.io/lowlighter/metrics:$(echo '${{ github.event.head_commit.message }}' | grep -Po 'v\d+[.]\d+')
+ env:
+ GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
+ run: docker tag ghcr.io/lowlighter/metrics:master ghcr.io/lowlighter/metrics:$(echo $GITHUB_COMMIT_MESSAGE | grep -Po 'v\d+[.]\d+')
- name: Publish release to GitHub registry
- run: docker push ghcr.io/lowlighter/metrics:$(echo '${{ github.event.head_commit.message }}' | grep -Po 'v\d+[.]\d+')
+ env:
+ GITHUB_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
+ run: docker push ghcr.io/lowlighter/metrics:$(echo $GITHUB_COMMIT_MESSAGE | grep -Po 'v\d+[.]\d+')
- name: Tag docker image (latest)
run: docker tag ghcr.io/lowlighter/metrics:master ghcr.io/lowlighter/metrics:latest
- name: Publish latest to GitHub registry
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 8ffb94b7..7c8a1bc1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
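Review bot: The new run lines still expand the commit message unquoted (`echo $GITHUB_COMMIT_MESSAGE`) and keep every match of `grep -Po`, so a message such as `bump v3.1 to v3.2` yields two words and the command substitution hands docker an extra argument, while a message beginning with `-n` or `-e` is parsed by echo as an option. Quote the variable, print it with printf and stop at the first match, in both the tag step and the push step: `run: docker tag ghcr.io/lowlighter/metrics:master "ghcr.io/lowlighter/metrics:$(printf '%s\n' "$GITHUB_COMMIT_MESSAGE" | grep -Po -m1 'v\d+[.]\d+')"`. Computing the version once in its own step and reading it from a step output in both commands would also guarantee that the tag pushed is the tag created. GitHub documents the `GITHUB_` prefix as reserved for its own variables, so a name such as `HEAD_COMMIT_MESSAGE` avoids a possible collision; confirm against the current runner docs. The published tag is still chosen by whoever can land a commit on the triggering branch, which is worth a comment above the step.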
@@ -43,9 +43,13 @@ jobs:
mkdir -v -p /home/runner/.cache/dprint/cache
npx dprint fmt --config .github/config/dprint.json
- name: Build lowlighter/metrics:${{ github.head_ref || 'master' }}
- run: docker build -t lowlighter/metrics:$(echo ${{ github.head_ref || 'master' }} | sed 's/\//-/g') .
+ env:
+ GIT_REF: ${{ github.head_ref || 'master' }}
+ run: docker build -t lowlighter/metrics:$(echo $GIT_REF | sed 's/[^a-z]/-/g') .
- name: Run tests
- run: docker run --rm --entrypoint="" lowlighter/metrics:$(echo ${{ github.head_ref || 'master' }} | sed 's/\//-/g') npm run test-metrics
+ env:
+ GIT_REF: ${{ github.head_ref || 'master' }}
+ run: docker run --rm --entrypoint="" lowlighter/metrics:$(echo $GIT_REF | sed 's/[^a-z]/-/g') npm run test-metrics
# Run CodeQL on branch
analyze:
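Review bot: The tightened `sed 's/[^a-z]/-/g'` rewrites every digit, uppercase letter and dot as `-`, so a head ref such as `1.0-fix` becomes `--fix`, and Docker rejects a tag that starts with `-` or `.`, which makes the build step fail for branch names that worked with the old `s/\//-/g`; the same expression is repeated in the run-tests step. Keep the full tag alphabet, strip a leading separator and quote the expansion while at it: `run: docker build -t "lowlighter/metrics:$(printf '%s' "$GIT_REF" | sed -e 's/[^A-Za-z0-9_.-]/-/g' -e 's/^[.-]*//' | cut -c1-128)" .`, and mirror it in the `docker run` line. Deriving the sanitized tag once in its own step and reading it from a step output in both commands avoids the two expressions drifting apart. The step list these lines belong to starts above the hunk, and the `mkdir`/`npx` context lines appear to be the tail of a multi-line run block that also begins outside it.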