fix: pin 1 unpinned action(s),extract 1 unsafe expression(s) to env vars

dagecko · dagecko · commit 07a93e245994 · 2026-04-04T12:01:07.000-04:00
Automated security fixes applied by Runner Guard (https://github.com/Vigilant-LLC/runner-guard). Changes: .github/workflows/build-and-push-docker-image.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-and-push-docker-image.yml b/.github/workflows/build-and-push-docker-image.yml
@@ -33,7 +33,7 @@ jobs:
 
     steps:
     - name: Decide whether the needed jobs succeeded or failed
-      uses: re-actors/alls-green@release/v1
+      uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1
       with:
         jobs: ${{ toJSON(needs) }}
 
@@ -73,8 +73,10 @@ jobs:
         DOCKER_TAG: ${{ inputs.tag || github.ref_name }}
     - name: Log in to GHCR
       run: >-
-        echo ${{ secrets.GITHUB_TOKEN }} |
+        echo "${GITHUB_TOKEN}" |
           docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Push Docker image to GHCR
       run: |
         docker push $IMAGE
