From 4918eb7da4dbf9b9e93a7d0568ed587d23016269 Mon Sep 17 00:00:00 2001
From: "zhuangbowei.zbw" <zhuangbowei.zbw@alibaba-inc.com>
Date: Fri, 26 Jul 2024 14:57:19 +0800
Subject: [PATCH] CI: prevent remote code execution through github action

Signed-off-by: zhuangbowei.zbw <zhuangbowei.zbw@alibaba-inc.com>
---
 .github/workflows/ci-unit-test.yml | 36 ++++++++++++++++++++++++++++++
 .github/workflows/ci.yml           | 28 -----------------------
 2 files changed, 36 insertions(+), 28 deletions(-)
 create mode 100644 .github/workflows/ci-unit-test.yml

diff --git a/.github/workflows/ci-unit-test.yml b/.github/workflows/ci-unit-test.yml
new file mode 100644
index 00000000..b15b33a1
--- /dev/null
+++ b/.github/workflows/ci-unit-test.yml
@@ -0,0 +1,36 @@
+name: Unit Test
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - 'main'
+
+jobs:
+  unit-test:
+    name: Unit Test
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: src/github.com/containerd/accelerated-container-image
+          fetch-depth: 100
+
+      - name: install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22.0'
+
+      - name: set env
+        shell: bash
+        run: |
+          echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
+          echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+
+      - name: unit test
+        working-directory: src/github.com/containerd/accelerated-container-image
+        run: |
+          sudo GO_TESTFLAGS=-v make test
\ No newline at end of file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 10496560..7c51bbdb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,34 +17,6 @@ on:
       - labeled
 
 jobs:
-  unit-test:
-    name: Unit Test
-    runs-on: ubuntu-22.04
-    timeout-minutes: 10
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha || github.sha }}
-          path: src/github.com/containerd/accelerated-container-image
-          fetch-depth: 100
-
-      - name: install Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.22.0'
-
-      - name: set env
-        shell: bash
-        run: |
-          echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
-          echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
-
-      - name: unit test
-        working-directory: src/github.com/containerd/accelerated-container-image
-        run: |
-          sudo GO_TESTFLAGS=-v make test
-
   lowercase-repo:
     name: Lowercase Repo
     runs-on: ubuntu-22.04