From 0418feada50af419633952c0e71d052a320ea922 Mon Sep 17 00:00:00 2001
From: orbisai0security <orbisai0security@users.noreply.github.com>
Date: Wed, 1 Apr 2026 07:32:27 +0000
Subject: [PATCH] fix: using variable interpolation `${{ in
 build-and-push-image.yml

Using variable interpolation `${{
Addresses yaml.github-actions.security.run-shell-injection.run-shell-injection
---
 .github/workflows/build-and-push-image.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
index 425f7e39ef..e635c80b4d 100644
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -31,11 +31,13 @@ jobs:
 
       # get image tag name
       - name: Get Image Tag Name
+        env:
+          INPUT_TAG: ${{ github.event.inputs.tag }}
         run: |
-          if [ x${{ github.event.inputs.tag }} == x"" ]; then
+          if [ x"$INPUT_TAG" == x"" ]; then
             echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
           else
-            echo "TAG_NAME=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
+            echo "TAG_NAME=$INPUT_TAG" >> $GITHUB_ENV
           fi
       - name: Login to DockerHub
         uses: docker/login-action@v4