Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(ci): properly escape PR title #3318

Merged
merged 6 commits into from
Jan 17, 2023
Merged

fix(ci): properly escape PR title #3318

merged 6 commits into from
Jan 17, 2023

Conversation

thomaseizinger
Copy link
Contributor

@thomaseizinger thomaseizinger commented Jan 11, 2023
edited
Loading

Description

Within double quoted strings, bash tries to evaluate everything within backticks as a command. The GitHub security guide recommends to use an intermediary environment variable instead: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable

See https://github.com/libp2p/rust-libp2p/actions/runs/3889880383/jobs/6638520274#step:3:11.

Notes

Links to any relevant issues

Open Questions

Change checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • A changelog entry has been made in the appropriate crates

@thomaseizinger thomaseizinger requested review from jxs and mxinden January 11, 2023 05:15
@thomaseizinger thomaseizinger changed the title fix(ci): don't evaluate PR title as command fix(ci): don't evaluate PR title as command Jan 11, 2023
@thomaseizinger thomaseizinger marked this pull request as draft January 11, 2023 05:17
@thomaseizinger
Copy link
Contributor Author

Draft until I have confirmed that this works.

@mxinden
Copy link
Member

mxinden commented Jan 11, 2023

In case another example is needed: https://github.com/libp2p/rust-libp2p/actions/runs/3893266711/jobs/6645662828

@thomaseizinger thomaseizinger changed the title fix(ci): don't evaluate PR title as command fix(ci): properly escape PR title Jan 13, 2023
@thomaseizinger thomaseizinger mentioned this pull request Jan 16, 2023
Merged
4 tasks
@thomaseizinger thomaseizinger marked this pull request as ready for review January 16, 2023 01:37
@thomaseizinger thomaseizinger mentioned this pull request Jan 16, 2023
Merged
4 tasks
@thomaseizinger thomaseizinger mentioned this pull request Jan 17, 2023
Merged
4 tasks
@thomaseizinger
Copy link
Contributor Author

thomaseizinger commented Jan 17, 2023
edited
Loading

@mxinden @jxs Friendly ping, this is ready for review (and has a series of PRs depending on it).

This was referenced Jan 17, 2023
Closed
Merged
@thomaseizinger
Copy link
Contributor Author

Proof that it is working: https://github.com/libp2p/rust-libp2p/actions/runs/3907325150/jobs/6676432195#step:3:10

jxs
jxs approved these changes Jan 17, 2023
View reviewed changes
Copy link
Member

@jxs jxs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mergify mergify bot merged commit 29a7716 into master Jan 17, 2023
@mergify mergify bot deleted the no-run-title-as-command branch January 17, 2023 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jxs jxs jxs approved these changes

@mxinden mxinden Awaiting requested review from mxinden

Assignees
No one assigned
Labels
send-it
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thomaseizinger @mxinden @jxs