[ACS-10124] Fix Change this action to not use user-controlled data directly in a run block sonar issue (#4810)

* [ACS-10124] Fix Change this action to not use user-controlled data directly in a run block sonar issue

* [ACS-10124] Corrected typo

.github/actions/get-image-tag/action.yml

@@ -11,10 +11,13 @@ runs:
   steps:
     - name: Get docker image tag name
       shell: bash
+      env:
+        BRANCH_NAME: ${{ inputs.branch_name }}
+        RUN_ID: ${{ github.run_id }}
       run: |
-        if [[ "${{ inputs.branch_name }}" == "master" ]] || [[ "${{ inputs.branch_name }}" == release/* ]]; then
+        if [[ "$BRANCH_NAME" == "master" ]] || [[ "$BRANCH_NAME" == release/* ]]; then
           TAG_VERSION="$(jq -cr '.version' < package.json)"
         else
-          TAG_VERSION="${{ inputs.branch_name }}-${{ github.run_id }}"
+          TAG_VERSION="${BRANCH_NAME}-${RUN_ID}"
         fi
         echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV

.github/actions/git-tag/action.yml

@@ -17,8 +17,11 @@ runs:
   steps:
     - name: publish tag
       shell: bash
+      env:
+        BRANCH_NAME: ${{ inputs.branch_name }}
+        GITHUB_TOKEN: ${{ inputs.github_token }}
       run: |
-        if [[  "${{ inputs.branch_name }}" == "master" ]] || [[ "${{ inputs.branch_name }}" == release/* ]]; then
+        if [[  "$BRANCH_NAME" == "master" ]] || [[ "$BRANCH_NAME" == release/* ]]; then
           VERSION=$(jq -cr '.version' < package.json)
           echo "git tag -a ${VERSION} -m ${VERSION}"
 
@@ -28,7 +31,7 @@ runs:
               if [[ "${{ inputs.dry-run }}" != "true" ]]; then
                 git tag -a ${VERSION} -m "${VERSION} [ci skip] "
                 git remote rm origin
-                GITHUB_REPO=https://${{ inputs.github_token }}:x-oauth-basic@github.com/Alfresco/alfresco-content-app.git
+                GITHUB_REPO=https://$GITHUB_TOKEN:x-oauth-basic@github.com/Alfresco/alfresco-content-app.git
                 git remote add origin $GITHUB_REPO
                 git push origin --tags
               fi

.github/actions/run-e2e-playwright/action.yml

@@ -19,6 +19,8 @@ runs:
 
     - name: Setup and run with options
       shell: bash
+      env:
+        OPTIONS: ${{ inputs.options }}
       run: |
         npm start > /dev/null &\
 
@@ -29,5 +31,5 @@ runs:
         done
         printf "\nApplication is ready.\n"
 
-        echo "Running playwright tests with options ${{ inputs.options }}"
+        echo "Running playwright tests with options $OPTIONS"
-        E2E_TARGET=${{ inputs.options }} npm run ci:e2e
+        E2E_TARGET=$OPTIONS npm run ci:e2e

.github/actions/setup/action.yml

@@ -22,9 +22,11 @@ runs:
     - uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.33.0
     - name: set TAG_NPM
       shell: bash
+      env:
+        NPM_TAG: ${{ inputs.npm_tag }}
       run: |
-        if [[ -n "${{ inputs.npm_tag }}" ]]; then
+        if [[ -n "$NPM_TAG" ]]; then
-          TAG_NPM=${{ inputs.npm_tag }}
+          TAG_NPM=$NPM_TAG
         else
           TAG_NPM="alpha"
           VERSION_IN_PACKAGE_JSON=$(jq -cr '.version' < package.json)

.github/actions/update-library-versions/action.yml

@@ -14,10 +14,12 @@ runs:
   steps:
     - name: Update Versions
       shell: bash
+      env:
+        BRANCH_NAME: ${{ inputs.branch_name }}
       run: |
         VERSION_IN_PACKAGE_JSON=$(jq -cr '.version' < package.json)
 
-        if [[ ${{ inputs.branch_name }} =~ ^master.*?$ ]] || [[ "${{ inputs.branch_name }}" == release/* ]] ; then
+        if [[ $BRANCH_NAME =~ ^master.*?$ ]] || [[ "$BRANCH_NAME" == release/* ]] ; then
           NEW_LIBRARY_VERSION="$VERSION_IN_PACKAGE_JSON"
         else
           NEW_LIBRARY_VERSION="${VERSION_IN_PACKAGE_JSON}-${{ github.run_id }}"