From 79436f104108443ca06a2be14012f08c0232eb46 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello <3691490+PeterDaveHello@users.noreply.github.com> Date: Wed, 1 Jul 2026 03:32:12 +0800 Subject: [PATCH] Secure Firefox metadata workflow input --- .github/workflows/firefox-metadata.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/firefox-metadata.yml b/.github/workflows/firefox-metadata.yml index e4f12a22..212bc6fa 100644 --- a/.github/workflows/firefox-metadata.yml +++ b/.github/workflows/firefox-metadata.yml @@ -27,8 +27,15 @@ jobs: run: npm ci - name: Update Firefox metadata - run: npm run release:update-firefox-metadata -- --version "${{ inputs.version }}" + run: | + if [[ ! "$FIREFOX_METADATA_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Firefox version must use x.y.z semver format" >&2 + exit 1 + fi + + npm run release:update-firefox-metadata -- --version "$FIREFOX_METADATA_VERSION" env: + FIREFOX_METADATA_VERSION: ${{ inputs.version }} FIREFOX_EXTENSION_ID: ${{ secrets.FIREFOX_EXTENSION_ID }} FIREFOX_JWT_ISSUER: ${{ secrets.FIREFOX_JWT_ISSUER }} FIREFOX_JWT_SECRET: ${{ secrets.FIREFOX_JWT_SECRET }}