Merge pull request #18 from equinix-labs/noexec_custom_script

fix: avoid execution of custom_script during evaluation
equinix-labs · Oct 2, 2024 · 5de4ce8 · 5de4ce8
2 parents f29a6cd + 92a6bca
commit 5de4ce8
Showing 1 changed file with 11 additions and 8 deletions.
diff --git a/action.yml b/action.yml
@@ -95,14 +95,17 @@ runs:
             --labels ${{ steps.get-registration.outputs.runner_scope }} --ephemeral
 
           # Running custom script if provided
-          if [[ -n "${{ inputs.custom_script }}" ]]; then
-            CUSTOM_SCRIPT=$(mktemp $HOME/custom_script.XXXXXX.sh)
-            cat > $CUSTOM_SCRIPT <<'CUSTOM_SCRIPT_EOF'
-            ${{ inputs.custom_script }}
-            CUSTOM_SCRIPT_EOF
-            chmod 0700 $CUSTOM_SCRIPT
-            echo "Running custom user script"
-            $CUSTOM_SCRIPT
+          CUSTOM_SCRIPT=$(mktemp $HOME/custom_script.XXXXXX.sh)
+          cat > $CUSTOM_SCRIPT <<'CUSTOM_SCRIPT_EOF'
+          ${{ inputs.custom_script }}
+          CUSTOM_SCRIPT_EOF
+
+          if [[ -s $CUSTOM_SCRIPT ]]; then
+              chmod 0700 $CUSTOM_SCRIPT
+              echo "Running custom user script"
+              $CUSTOM_SCRIPT
+          else
+              rm $CUSTOM_SCRIPT
           fi
 
           # Install and start the runner service