From aa3cfcfedaaa08805b5469778f04a8034173e9a9 Mon Sep 17 00:00:00 2001
From: Ryan Williams <ryan.williams@signalwire.com>
Date: Wed, 18 Sep 2024 13:12:02 -0700
Subject: [PATCH] use env var

---
 .github/actions/test-ruby/action.yml | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/.github/actions/test-ruby/action.yml b/.github/actions/test-ruby/action.yml
index 8c7ba5ae..5bd303e3 100644
--- a/.github/actions/test-ruby/action.yml
+++ b/.github/actions/test-ruby/action.yml
@@ -51,13 +51,29 @@ runs:
     - name: Additional Setup
       if: inputs.ADDITIONAL_SETUP != '[]'
       shell: bash
+      env:
+        ADDITIONAL_COMMANDS: ${{ inputs.ADDITIONAL_COMMANDS }}
       run: |
-        additional_setup='${{ inputs.ADDITIONAL_SETUP }}'
-        echo "$additional_setup" | jq -r '.[]' | while read -r command; do
-          echo "Executing additional setup command: $command"
-          eval "$command"
+        echo "$ADDITIONAL_COMMANDS" | jq -r '.[]' | while read -r command; do
+          echo "Executing command: $command"
+          $command
         done
 
+- name: Execute additional commands
+  if: inputs.ADDITIONAL_COMMANDS != '[]'
+  shell: bash
+  env:
+    ADDITIONAL_COMMANDS: ${{ inputs.ADDITIONAL_COMMANDS }}
+  run: |
+    echo "$ADDITIONAL_COMMANDS" | jq -r '.[]' | while read -r command; do
+      echo "Executing command: $command"
+      if [[ $command == bundle* || $command == rake* ]]; then
+        $command
+      else
+        echo "Skipping unauthorized command: $command"
+      fi
+    done
+
     - uses: actions/cache@v4
       with:
         path: vendor/bundle