workflows/eval: avoid potential script injection attack (#357753)

Masum Reza 2024-11-21 13:42:27 +05:30 committed by GitHub
commit 8677027f62
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -85,9 +85,11 @@ jobs:
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- name: Evaluate the ${{ matrix.system }} output paths for all derivation attributes - name: Evaluate the ${{ matrix.system }} output paths for all derivation attributes
env:
MATRIX_SYSTEM: ${{ matrix.system }}
run: | run: |
nix-build nixpkgs/ci -A eval.singleSystem \ nix-build nixpkgs/ci -A eval.singleSystem \
--argstr evalSystem ${{ matrix.system }} \ --argstr evalSystem "$MATRIX_SYSTEM" \
--arg attrpathFile ./paths/paths.json \ --arg attrpathFile ./paths/paths.json \
--arg chunkSize 10000 --arg chunkSize 10000
# If it uses too much memory, slightly decrease chunkSize # If it uses too much memory, slightly decrease chunkSize
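Review bot: The new `env:` block carries no comment saying why `matrix.system` is routed through `MATRIX_SYSTEM`, so a later edit could put `${{ matrix.system }}` back into the `run:` script without anyone noticing. A line above `env:` such as `# Pass expression values through env: ${{ }} inside run: is substituted into the script text before the shell parses it` would record the intent. The quoted `"$MATRIX_SYSTEM"` on the `--argstr evalSystem` line is the right form, since the shell then treats the value as a single argument and never as script text. The `${{ matrix.system }}` left in the step `name:` is only a display label and is not passed to the shell. The rest of the job lies outside this hunk, so any other `run:` step that still interpolates `${{ … }}` directly would need the same env indirection.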