Fix unsafe evaluation of inputs.use-sudo (#124)

The previous code was (presumably mistakenly) running inputs.use-sudo as a command, which worked assuming it was true or false (as they ignore their arguments), but this results in the action executing the value of inputs.use-sudo as a command. Signed-off-by: Hal Blackburn <[email protected]>
sigstore · May 16, 2023 · 03d0fec · 03d0fec
1 parent 46b5db7
commit 03d0fec
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/action.yml b/action.yml
@@ -176,7 +176,7 @@ runs:
         esac
 
         SUDO=
-        if "${{ inputs.use-sudo }}" == "true" && command -v sudo >/dev/null; then
+        if [[ "${{ inputs.use-sudo }}" == "true" ]] && command -v sudo >/dev/null; then
           SUDO=sudo
         fi