diff --git a/.github/workflows/_get-test-matrix.yml b/.github/workflows/_get-test-matrix.yml index e2975a066..91acb8188 100644 --- a/.github/workflows/_get-test-matrix.yml +++ b/.github/workflows/_get-test-matrix.yml @@ -33,6 +33,12 @@ jobs: ref: ${{ env.CHECKOUT_REF }} fetch-depth: 0 + - name: Check Dangerous Command Injection + if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' + uses: opea-project/validation/actions/check-cmd@main + with: + work_dir: ${{ github.workspace }} + - name: Get test matrix id: get-test-matrix run: | diff --git a/.github/workflows/mix-code-scan.yml b/.github/workflows/mix-code-scan.yml index 6d37fe43b..c04c02a49 100644 --- a/.github/workflows/mix-code-scan.yml +++ b/.github/workflows/mix-code-scan.yml @@ -34,6 +34,11 @@ jobs: - name: Checkout out Repo uses: actions/checkout@v4 + - name: Check Dangerous Command Injection + uses: opea-project/validation/actions/check-cmd@main + with: + work_dir: ${{ github.workspace }} + - name: Docker Build run: | docker build -f ${{ github.workspace }}/.github/workflows/docker/${{ env.DOCKER_FILE_NAME }}.dockerfile -t ${{ env.REPO_NAME }}:${{ env.REPO_TAG }} .