From 26bece0d4dcb966d0de7a0b6825566db201c8320 Mon Sep 17 00:00:00 2001
From: Jordan Ritter <jpr5@darkridge.com>
Date: Mon, 18 May 2026 10:54:45 -0700
Subject: [PATCH] fix: Security: Fix 4 findings in GitHub Actions workflows

---
 .github/workflows/tags_yaml_branch_pr_processing.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/tags_yaml_branch_pr_processing.yaml b/.github/workflows/tags_yaml_branch_pr_processing.yaml
index e17655543..400c6a344 100644
--- a/.github/workflows/tags_yaml_branch_pr_processing.yaml
+++ b/.github/workflows/tags_yaml_branch_pr_processing.yaml
@@ -44,11 +44,12 @@ jobs:
       - name: Commit and push changes if any
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
         run: |
           git add .
           if [ -n "$(git status --porcelain)" ]; then
             git commit -sm "Update README based on tags.yaml changes"
-            git push origin HEAD:${{ github.event.pull_request.head.ref }}
+            git push origin HEAD:$PR_HEAD_REF
           else
             echo "No changes to commit"
           fi