Skip to content

Commit

Permalink
fix: shellcheck issues from octoscan
Browse files Browse the repository at this point in the history 
No possible injections, data is the result of sha256sum
  • Loading branch information
@pandatix
pandatix committed Oct 28, 2024
1 parent 6f12e21 commit 4c0210f
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/goreleaser.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ jobs:
run: |
set -euo pipefail
checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
checksum_file="$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')"
echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT"
provenance:
Expand Down Expand Up @@ -83,9 +83,9 @@ jobs:
PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}"
run: |
set -euo pipefail
checksums=$(echo "$CHECKSUMS" | base64 -d)
checksums="$(echo "$CHECKSUMS" | base64 -d)"
while read -r line; do
fn=$(echo $line | cut -d ' ' -f2)
fn="$(echo $line | cut -d ' ' -f2)"
echo "Verifying $fn"
slsa-verifier verify-artifact --provenance-path "$PROVENANCE" \
--source-uri "github.com/$GITHUB_REPOSITORY" \
Expand Down

0 comments on commit 4c0210f

Please sign in to comment.