Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update lambda dockerfile workflow to support .NET 9 #1905

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

chore: update lambda dockerfile workflow to support .NET 9 #1905

wants to merge 1 commit into from
+31 −31

Conversation

philasmar
Copy link
Contributor

Description of changes:
Update the Lambda dockerfile workflow to support .NET 9

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@philasmar philasmar added the Release Not Needed Add this label if a PR does not need to be released. label Dec 12, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 12, 2024
View reviewed changes
.github/workflows/update-Dockerfiles.yml
Comment on lines +99 to +100
run: |
.\LambdaRuntimeDockerfiles/update-dockerfile.ps1 -DockerfilePath ${{ env.NET_9_AMD64_Dockerfile }} -NextVersion ${{ github.event.inputs.NET_9_NEXT_VERSION }}

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: yaml.github-actions.security.run-shell-injection.run-shell-injection Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this need to be addressed?

.github/workflows/update-Dockerfiles.yml
Comment on lines +106 to +107
run: |
.\LambdaRuntimeDockerfiles/update-dockerfile.ps1 -DockerfilePath ${{ env.NET_9_ARM64_Dockerfile }} -NextVersion ${{ github.event.inputs.NET_9_NEXT_VERSION }}

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: yaml.github-actions.security.run-shell-injection.run-shell-injection Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@normj normj normj approved these changes

@96malhar 96malhar Awaiting requested review from 96malhar

@gcbeattyAWS gcbeattyAWS Awaiting requested review from gcbeattyAWS

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
Release Not Needed Add this label if a PR does not need to be released.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@philasmar @normj @gcbeattyAWS