ci: fix RCE vulnerability in file overwrite (#10985)

author Kevin Deng 三咲智子 <sxzz@sxzz.moe>

Mon, 20 May 2024 23:05:08 +0000 (07:05 +0800)

committer GitHub <noreply@github.com>

Mon, 20 May 2024 23:05:08 +0000 (07:05 +0800)
author Kevin Deng 三咲智子 <sxzz@sxzz.moe>
Mon, 20 May 2024 23:05:08 +0000 (07:05 +0800)
committer GitHub <noreply@github.com>
Mon, 20 May 2024 23:05:08 +0000 (07:05 +0800)
diff --git a/.github/workflows/size-report.yml b/.github/workflows/size-report.yml

index 590237206796e73a1aeb7218bad155fee74af9dc..766462d6da9446be469cfa45a8fbd86b17f5a5de 100644 (file)
--- a/.github/workflows/size-report.yml
+++ b/.github/workflows/size-report.yml
@@ -40,12 +40,13 @@ jobs:
          with:
            name: pr-number
            run_id: ${{ github.event.workflow_run.id }}
+          path: /tmp/pr-number
  
        - name: Read PR Number
          id: pr-number
          uses: juliangruber/read-file-action@v1
          with:
-          path: ./pr.txt
+          path: /tmp/pr-number/pr.txt
  
        - name: Download Size Data
          uses: dawidd6/action-download-artifact@v3
author	Kevin Deng 三咲智子 <sxzz@sxzz.moe>
	Mon, 20 May 2024 23:05:08 +0000 (07:05 +0800)
committer	GitHub <noreply@github.com>
	Mon, 20 May 2024 23:05:08 +0000 (07:05 +0800)