From 83a909716a400525156e318722c312f8eb3c3f91 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Thu, 16 May 2024 17:08:06 +0200
Subject: [PATCH] secure workflow

---
 .github/workflows/publish-central.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
index 6f14836..f075bc2 100644
--- a/.github/workflows/publish-central.yml
+++ b/.github/workflows/publish-central.yml
@@ -24,10 +24,11 @@ jobs:
           gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
           gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
       - name: Enforce project version ${{ github.event.inputs.tag }}
-        run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }}
+        run: mvn versions:set -B -DnewVersion=$GIT_TAG
       - name: Deploy
         run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
         env:
+          GIT_TAG: ${{ github.event.inputs.tag }}
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
\ No newline at end of file