Allow shell to expand variables, not GHA (#11640)
* Allow shell to expand variables, not GHA

This avoids theoretical shell injection risks (in reality there are none).

* Update wheel-builder.yml

* Update wheel-builder.yml
alex authored Sep 22, 2024
1 parent 4392d2f commit 306175e
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/wheel-builder.yml
Expand Up @@ -223,7 +223,7 @@ jobs:
with:
name: cryptography-sdist

- run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -r ${{ env.UV_REQUIREMENTS_PATH }}
- run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -r "${UV_REQUIREMENTS_PATH}"
- run: mkdir wheelhouse
- name: Build the wheel
run: |
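Review bot: the replacement `run:` line still has `${{ matrix.PYTHON.BIN_PATH }}` substituted into the script text by Actions before any shell parses it, so only the requirements path follows the pattern this commit introduces. If the value is a single path, consider mapping it under the step's `env:` (for example `BIN_PATH: ${{ matrix.PYTHON.BIN_PATH }}`) and running `"${BIN_PATH}" -m pip install -r "${UV_REQUIREMENTS_PATH}"`. This step also gains no `shell:` key, unlike the other two steps changed in this commit, so the `${UV_REQUIREMENTS_PATH}` expansion depends on the job's default shell understanding that syntax; pinning `shell: bash` here too, or noting why it is not needed, would remove the ambiguity.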
Expand Down Expand Up @@ -314,7 +314,8 @@ jobs:
echo "OPENSSL_STATIC=1" >> $GITHUB_ENV
shell: bash

- run: pip install -r ${{ env.UV_REQUIREMENTS_PATH }}
- run: pip install -r "${UV_REQUIREMENTS_PATH}"
shell: bash
- run: mkdir wheelhouse
- run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
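Review bot: the `run: |` step at the end of this hunk still embeds `${{ matrix.PYTHON.ABI_VERSION }}` inside the bash `[ -n ... ]` test, so that value is pasted into the script before bash parses it, which is the same pattern the `pip install` change just above removes. Passing it through the step's `env:` and testing `[ -n "${ABI_VERSION}" ]` would make the two steps consistent and leave quoting entirely to the shell.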
Expand All @@ -325,7 +326,8 @@ jobs:
shell: bash
- run: uv venv
- run: uv pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }}
- run: uv pip install --require-hashes -r "${BUILD_REQUIREMENTS_PATH}"
shell: bash
- run: uv pip install cryptography --no-index -f wheelhouse/
- name: Print the OpenSSL we built and linked against
run: |
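Review bot: the added `shell: bash` under the `--require-hashes` step carries no comment saying it is there so that `"${BUILD_REQUIREMENTS_PATH}"` is expanded by bash, while the neighbouring `uv venv` and `uv pip install cryptography` steps keep the default shell; a one-line YAML comment would stop a later cleanup from dropping it. Since the path now comes from the environment at run time, `"${BUILD_REQUIREMENTS_PATH:?}"` would also make the step fail with a clear message if the variable is ever unset, rather than passing an empty argument to `-r`.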