### What problem does this PR solve? _Briefly describe what this PR aims to solve. Include background context that will help reviewers understand the purpose of the PR._ This patch remove dangerous code that `may expand into attacker-controllable code` more: ```cli error[template-injection]: code injection via template expansion --> /Users/hyi/prs/ragflow/.github/workflows/tests.yml:35:9 | 35 | - name: Show PR labels | ^^^^^^^^^^^^^^^^^^^^ this step 36 | run: | | _________^ 37 | | echo "Workflow triggered by ${{ github.event_name }}" 38 | | if [[ ${{ github.event_name }} == 'pull_request' ]]; then 39 | | echo "PR labels: ${{ join(github.event.pull_request.labels.*.name, ', ') }}" 40 | | fi | |____________^ github.event.pull_request.labels.*.name may expand into attacker-controllable code | = note: audit confidence → High ``` using zizmor to check https://woodruffw.github.io/zizmor/ but this patch do not fix them all, just remove high audit confidence → High ### Type of change - [ ] Bug Fix (non-breaking change which fixes an issue) - [ ] New Feature (non-breaking change which adds functionality) - [ ] Documentation Update - [ ] Refactoring - [ ] Performance Improvement - [x] Other (please describe): --------- Signed-off-by: yihong0618 <zouzou0208@gmail.com> Co-authored-by: Zhichang Yu <yuzhichang@gmail.com>

8 months ago · eaa1adb3b2
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -32,12 +32,9 @@ jobs:
      # https://github.com/hmarr/debug-action
      #- uses: hmarr/debug-action@v2

      - name: Show PR labels
      - name: Show who triggered this workflow
        run: |
          echo "Workflow triggered by ${{ github.event_name }}"
          if [[ ${{ github.event_name }} == 'pull_request' ]]; then
            echo "PR labels: ${{ join(github.event.pull_request.labels.*.name, ', ') }}"
          fi

      - name: Ensure workspace ownership
        run: echo "chown -R $USER $GITHUB_WORKSPACE" && sudo chown -R $USER $GITHUB_WORKSPACE