MESH-2530 Address action vulnerability

acarriedev · acarriedev · commit b5604558987e · 2025-08-27T15:57:13.000+01:00
diff --git a/.github/workflows/merge-develop.yml b/.github/workflows/merge-develop.yml
@@ -123,7 +123,7 @@ jobs:
           python-version-file: "pyproject.toml"
 
       - name: setup poetry
-        uses: abatilo/actions-poetry@v4
+        uses: abatilo/actions-poetry@0dd19c9498c3dc8728967849d0d2eae428a8a3d8
         with:
           poetry-version: 1.5.1
 
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -35,11 +35,14 @@ jobs:
       - name: merge into base_branch
         if: ${{ github.event_name == 'pull_request' }}
         run: |
-          echo base branch "${{ github.base_ref }}"
-          echo pr branch "${{ github.head_ref }}"
-          git checkout "${{ github.base_ref }}"
+          echo base branch "$BASE_BRANCH"
+          echo pr branch "$PR_BRANCH"
+          git checkout "$BASE_BRANCH"
           git checkout -b "merging-${{ github.event.number }}"
           git merge --ff-only "${{ github.event.pull_request.head.sha }}"
+        env:
+          BASE_BRANCH: ${{ github.base_ref }}
+          PR_BRANCH: ${{ github.head_ref }}
 
       - name: setup python
         uses: actions/setup-python@v5
@@ -164,11 +167,14 @@ jobs:
       - name: merge into base_branch
         if: ${{ github.event_name == 'pull_request' }}
         run: |
-          echo base branch "${{ github.base_ref }}"
-          echo pr branch "${{ github.head_ref }}"
-          git checkout "${{ github.base_ref }}"
+          echo base branch "$BASE_BRANCH"
+          echo pr branch "$PR_BRANCH"
+          git checkout "$BASE_BRANCH"
           git checkout -b "merging-${{ github.event.number }}"
           git merge --ff-only "${{ github.event.pull_request.head.sha }}"
+        env:
+          BASE_BRANCH: ${{ github.base_ref }}
+          PR_BRANCH: ${{ github.head_ref }}
 
       - name: setup python
         uses: actions/setup-python@v5
@@ -248,11 +254,14 @@ jobs:
       - name: merge into base_branch
         if: ${{ github.event_name == 'pull_request' }}
         run: |
-          echo base branch "${{ github.base_ref }}"
-          echo pr branch "${{ github.head_ref }}"
-          git checkout "${{ github.base_ref }}"
+          echo base branch "$BASE_BRANCH"
+          echo pr branch "$PR_BRANCH"
+          git checkout "$BASE_BRANCH"
           git checkout -b "merging-${{ github.event.number }}"
           git merge --ff-only "${{ github.event.pull_request.head.sha }}"
+        env:
+          BASE_BRANCH: ${{ github.base_ref }}
+          PR_BRANCH: ${{ github.head_ref }}
 
       - name: setup python
         uses: actions/setup-python@v5
