Commit 03b343e
Fix shell injection in update-changelog workflow for PR titles with backticks (#897)
PR titles containing backticks (e.g., "Remove `v` prefix from release
tags") cause the changelog workflow to fail with `v: command not found`
because bash interprets backticks as command substitution.
### Changes
- Move variable assignments from `run:` to `env:` block in the "Update
CHANGELOG.md" step
### Before
```yaml
run: |
  PR_TITLE="${{ github.event.pull_request.title }}" # Backticks interpreted by bash
```
### After
```yaml
env:
  PR_TITLE: ${{ github.event.pull_request.title }} # Set by GHA before shell runs
run: |
  ./bin/update-changelog.sh "$PR_TITLE" ...
```
Using the `env:` block ensures GitHub Actions sets environment variables
before the shell executes, preventing interpretation of special
characters.
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: DannyvdSluijs <618940+DannyvdSluijs@users.noreply.github.com>
1 parent 0b390a7 commit 03b343e
1 file changed
Lines changed: 5 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
58 | 58 | | |
59 | 59 | | |
60 | 60 | | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
61 | 66 | | |
62 | | - | |
63 | | - | |
64 | | - | |
65 | | - | |
66 | 67 | | |
67 | | - | |
68 | 68 | | |
69 | 69 | | |
70 | 70 | | |
| |||
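Review bot: at the added lines 61-65 (the new env: entries, per the commit message), the protection also depends on how the values are used afterwards: every reference in run: has to stay double-quoted, as in `./bin/update-changelog.sh "$PR_TITLE" ...`, and bin/update-changelog.sh must not pass its argument through eval or an unquoted expansion. Please confirm that no `${{ }}` expression is left inside the run: block for the other values this step uses, and consider a short comment above env: explaining why the values are passed this way, so a later edit does not inline them again.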
0 commit comments
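The failure and the fix described in the commit message can be reproduced locally without a runner. This is an added example, not code from the repository: `render_inline`, `run_inline`, `run_env` and `has_inline_expr` are hypothetical helpers, and the runner's expression substitution is simulated with `printf`.

```shell
#!/bin/sh
# Constructed sample input: the PR title quoted in the commit message.
TITLE='Remove `v` prefix from release tags'

# The step body as the shell receives it once an expression placed directly
# in run: has been replaced by its value (the "Before" form). The title is
# now part of the script source. Simulated here; no runner is involved.
render_inline() {
  printf 'PR_TITLE="%s"\nprintf "%%s" "$PR_TITLE"\n' "$1"
}

# "Before": execute the rendered text. -e aborts at the first failing
# command, so the step stops when the backticks run a command that fails.
run_inline() {
  sh -ec "$(render_inline "$1")" 2>/dev/null
}

# "After": the script text is constant. The title arrives through the
# environment and is only expanded inside double quotes, so it stays data.
run_env() {
  PR_TITLE="$1" sh -ec 'printf "%s" "$PR_TITLE"'
}

# Review aid: succeeds if a step body still has an expression pasted into
# its script text.
has_inline_expr() {
  printf '%s\n' "$1" | grep -qF '${{'
}

printf 'inline: [%s]\n' "$(run_inline "$TITLE" || true)"
printf 'env:    [%s]\n' "$(run_env "$TITLE")"
```

The `inline` line shows the title lost or altered, while the `env` line shows it unchanged, backticks included.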