From 2c33153f2f9d1aea1dc23497b25eb27240ed4d7c Mon Sep 17 00:00:00 2001 From: Dan Palermo Date: Thu, 30 Apr 2026 17:51:44 -0500 Subject: [PATCH 1/2] [lint] For infosec team, use read to iterate over files --- .github/workflows/aomp-shell.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/aomp-shell.yml b/.github/workflows/aomp-shell.yml index 27e573e1e..6191c375f 100644 --- a/.github/workflows/aomp-shell.yml +++ b/.github/workflows/aomp-shell.yml @@ -29,8 +29,8 @@ jobs: - name: Run shellcheck run: | shellcheck_status=0 - for file in ${{ steps.changed-files.outputs.all_changed_files }}; do - if [[ $file == *.sh ]] || [[ $(file "$file") =~ "shell script" ]]; then + while read -r file; do + if [[ "$file" == *.sh ]] || [[ $(file "$file") =~ "shell script" ]]; then file_dir=$(dirname "$file") file_name=$(basename "$file") @@ -43,6 +43,6 @@ jobs: popd || exit 1 fi - done + done <<< "${{ steps.changed-files.outputs.all_changed_files }}" exit $shellcheck_status shell: bash {0} From f82dd4a59087cf6a716c842f75fc74d9e3d0222a Mon Sep 17 00:00:00 2001 From: Dan Palermo Date: Thu, 30 Apr 2026 18:01:37 -0500 Subject: [PATCH 2/2] Change file separator to newline --- .github/workflows/aomp-shell.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/aomp-shell.yml b/.github/workflows/aomp-shell.yml index 6191c375f..3878282e2 100644 --- a/.github/workflows/aomp-shell.yml +++ b/.github/workflows/aomp-shell.yml @@ -17,7 +17,7 @@ jobs: id: changed-files uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 with: - separator: ' ' + separator: '\n' skip_initial_fetch: true base_sha: 'HEAD~1' sha: 'HEAD'