From 267ca9cee142ee19093ffc70c239c68e63e54ab2 Mon Sep 17 00:00:00 2001
From: James Bradlee <james.bradlee@telenor.no>
Date: Tue, 20 Aug 2024 10:49:44 +0200
Subject: [PATCH] in input-helper, add validation to commit input

Signed-off-by: James Bradlee <james.bradlee@telenor.no>
---
 src/input-helper.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/input-helper.ts b/src/input-helper.ts
index bc9382f..768ae62 100644
--- a/src/input-helper.ts
+++ b/src/input-helper.ts
@@ -58,6 +58,10 @@ export async function getInputs(): Promise<IGitSourceSettings> {
 
   // Source branch, source version
   result.commit = core.getInput('commit')
+  if (result.commit && !result.commit.match(/^[0-9a-fA-F]{40}$/)) {
+    throw new Error(`The commit SHA '${result.commit}' is not a valid SHA.`)
+  }
+
   result.ref = core.getInput('ref') ?? result.commit
   if (!result.ref) {
     if (isWorkflowRepository) {