From fee9e8effe986a020025a6b52de8588b0d8f370f Mon Sep 17 00:00:00 2001
From: Vincent Biret <vibiret@microsoft.com>
Date: Thu, 12 Jun 2025 13:35:33 -0400
Subject: [PATCH 1/2] security: moves variable interpolation to an environment
 variable

Signed-off-by: Vincent Biret <vibiret@microsoft.com>
---
 .github/workflows/pr-storybook.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pr-storybook.yml b/.github/workflows/pr-storybook.yml
index 8ef602d39a..5d94c6c68e 100644
--- a/.github/workflows/pr-storybook.yml
+++ b/.github/workflows/pr-storybook.yml
@@ -37,8 +37,10 @@ jobs:
           yarn
       - name: Extract tag name
         shell: bash
+        env:
+          BRANCH_REF: ${{ github.event.pull_request.head.ref }}
         run: |
-          tag=$(branch=${{ github.event.pull_request.head.ref }}; echo ${branch/\//.})
+          tag=$(branch=$BRANCH_REF; echo ${branch/\//.})
           if [[ $tag == next.* ]];
           then
             echo "##[set-output name=tag;]$tag"

From 987a40d792af670f7a825dfd1edc0288d22f6034 Mon Sep 17 00:00:00 2001
From: Vincent Biret <vincentbiret@hotmail.com>
Date: Thu, 12 Jun 2025 14:13:18 -0400
Subject: [PATCH 2/2] chore: simpler expression

---
 .github/workflows/pr-storybook.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr-storybook.yml b/.github/workflows/pr-storybook.yml
index 5d94c6c68e..8c70ae07c7 100644
--- a/.github/workflows/pr-storybook.yml
+++ b/.github/workflows/pr-storybook.yml
@@ -40,7 +40,7 @@ jobs:
         env:
           BRANCH_REF: ${{ github.event.pull_request.head.ref }}
         run: |
-          tag=$(branch=$BRANCH_REF; echo ${branch/\//.})
+          tag=$(echo ${BRANCH_REF/\//.})
           if [[ $tag == next.* ]];
           then
             echo "##[set-output name=tag;]$tag"