Merge pull request #1121 from mandiant/lsc-1771433323.1682847

mr-tz · web-flow · commit 2e72aa553654 · 2026-02-19T21:33:18.000+01:00
Refactor Github Action per b/485167538
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -19,7 +19,7 @@ jobs:
         # get all history and tags
         fetch-depth: 0
     - name: Get release text
-      run: python .github/scripts/create_releases.py ${{ github.ref_name }} > release_body.txt
+      run: python .github/scripts/create_releases.py ${GITHUB_REF_NAME} > release_body.txt
     - name: Create GitHub release
       uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
       with:
diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml
@@ -59,13 +59,15 @@ jobs:
         pip install pyyaml
     - name: Add new rules to CHANGELOG
       run: |
-        for added_file in ${{ steps.files.outputs.added }}; do
+        for added_file in ${STEPS_FILES_OUTPUTS_ADDED}; do
           [[ $added_file != *.yml ]] && continue # Skip files that are not rules
           [[ $added_file == .git* ]] && continue # Skip git and GitHub Action files
           author=$(python rules/.github/scripts/changelog_author.py rules/$added_file)
           rule=$(echo $added_file | sed 's/\//\\\//g' | sed 's/\.yml//')
           sed -i "0,/- *$/s//- $rule $author\n-/" CHANGELOG.md
         done
+      env:
+        STEPS_FILES_OUTPUTS_ADDED: ${{ steps.files.outputs.added }}
     - name: Commit changes
       run: |
         git config user.email 'capa-dev@mandiant.com'
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -79,21 +79,27 @@ jobs:
       if: github.event_name != 'workflow_dispatch' && github.event_name != 'schedule' && steps.lint_thorough.outcome != 'success'
       run: |
         cd rules/
-        for changed_file in ${{ steps.files.outputs.added_modified }} ${{ steps.files.outputs.renamed }}; do
+        for changed_file in ${STEPS_FILES_OUTPUTS_ADDED_MODIFIED} ${STEPS_FILES_OUTPUTS_RENAMED}; do
           if [[ ! $changed_file =~ .git|.md ]]; then
             tag=$(grep '\sname:' $changed_file | sed 's/^.*: //')
             python ../scripts/lint.py --thorough -t "$tag" -v .
           fi
         done
+      env:
+        STEPS_FILES_OUTPUTS_ADDED_MODIFIED: ${{ steps.files.outputs.added_modified }}
+        STEPS_FILES_OUTPUTS_RENAMED: ${{ steps.files.outputs.renamed }}
     - name: Check feature overlaps on modified rules
       run: |
         cd rules/
-        for changed_file in ${{ steps.files.outputs.added_modified }} ${{ steps.files.outputs.renamed }}; do
+        for changed_file in ${STEPS_FILES_OUTPUTS_ADDED_MODIFIED} ${STEPS_FILES_OUTPUTS_RENAMED}; do
           if [[ ! $changed_file =~ (.git|.md) ]]; then
             python ../scripts/detect_duplicate_features.py . "$changed_file"
           fi
         done
       continue-on-error: true
+      env:
+        STEPS_FILES_OUTPUTS_ADDED_MODIFIED: ${{ steps.files.outputs.added_modified }}
+        STEPS_FILES_OUTPUTS_RENAMED: ${{ steps.files.outputs.renamed }}
 
   # On update of version branch, ensure that branch rules are compatible with latest respective release
   # assume we only update the branch that corresponds to the latest release
@@ -124,6 +130,6 @@ jobs:
         latest: true
         fileName: ${{ env.zip_name }}
     - name: Unzip
-      run: unzip ${{ env.zip_name }} -d latest-release
+      run: unzip ${ZIP_NAME} -d latest-release
     - name: Run latest release with current rules
       run: latest-release/capa -r rules/ tests/data/9324d1a8ae37a36ae560c37448c9705a.exe_
