Fix for the potential security vulnerability in Blossom GitHub workflow

NVIDIA-Merlin · Jul 5, 2024 · 9013ee5 · 9013ee5
1 parent c895d54
commit 9013ee5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/blossom-ci.yml b/.github/workflows/blossom-ci.yml
@@ -34,7 +34,7 @@ jobs:
 
     # This job only runs for pull request comments
     if: |
-         contains( 'EmmaQiaoCh,rhdong,Ranjeet-Nvidia,', format('{0},', github.actor)) && 
+         (github.actor == 'EmmaQiaoCh' || github.actor == 'rhdong' || github.actor == 'Ranjeet-Nvidia') &&
          github.event.comment.body == '/blossom-ci'  
     steps:
       - name: Check if comment is issued by authorized person