
fix: avoid shell interpretation of PR body in CI workflows#619

Merged
tangcent merged 1 commit intomasterfrom
fix/ci-workflow-shell-interpretation
Mar 17, 2026
Conversation

@tangcent (Owner)

This PR cherry-picks a fix from easy-yapi to avoid shell interpretation of PR body in CI workflows.

Changes

  • Avoid shell interpretation of PR body in CI workflows

Source

Cherry-picked from easy-yapi commit df083dff

Related

Use environment variables and printf instead of direct template
substitution to prevent backticks and special characters in PR
body from being interpreted as shell commands.
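The pattern the description above refers to (pass the PR body to the step through an `env:` mapping and write it with `printf '%s'`), as an added POSIX shell example that is not the project's workflow code: it sets `PR_BODY` itself to a constructed body so it runs offline, and the function names, the `pr_body.txt` output path and the marker-file names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not the project's workflow. In the workflow the body reaches the
# step through an env mapping rather than template substitution into the script:
#   env:
#     PR_BODY: ${{ github.event.pull_request.body }}
#   run: printf '%s' "$PR_BODY" > pr_body.txt
# With ${{ }} substituted directly into `run:`, the body becomes part of the script
# text and backticks or $(...) inside it are executed. Through an env var the body
# is only ever data.

# Constructed PR body (not a real one) containing the character classes a shell
# would otherwise interpret: backticks, $(...), a variable, quotes, ';', a newline.
PR_BODY='Fixes #123
`touch /tmp/from-backticks`  $(touch /tmp/from-subshell)  $HOME "quoted" '"'"'single'"'"' ; id'
export PR_BODY

# Write the PR body verbatim. printf '%s' prints its argument literally (no format
# directives, no echo -e style escape handling), and the double-quoted $PR_BODY
# expands exactly once into a single word, so nothing inside it is re-parsed.
save_pr_body() {
    out="$1"
    printf '%s' "$PR_BODY" > "$out"
}

# Check that the saved file is byte-for-byte identical to the body and that the
# marker files an injected command would have created do not exist.
verify_literal() {
    out="$1"
    saved=$(cat "$out"; printf x)   # sentinel keeps any trailing newline intact
    saved=${saved%x}
    [ "$saved" = "$PR_BODY" ] || return 1
    [ ! -e /tmp/from-backticks ] || return 1
    [ ! -e /tmp/from-subshell ] || return 1
    return 0
}

save_pr_body "${TMPDIR:-/tmp}/pr_body.txt"
verify_literal "${TMPDIR:-/tmp}/pr_body.txt" && echo "PR body stored verbatim"
```

The same reasoning applies to any other event field an outside contributor controls (PR title, branch name, commit message, issue body): route it through `env:` and quote it, rather than interpolating `${{ }}` into `run:`.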
@qodo-code-review

Review Summary by Qodo

Prevent shell interpretation of PR body in CI workflows

🐞 Bug fix


Walkthroughs

Description
• Prevent shell interpretation of special characters in PR body
• Replace echo with printf and environment variables
• Apply fix to both CI workflow files consistently
Diagram (mermaid flowchart):
flowchart LR
  A["PR Body with Special Chars"] -->|"Previously: echo with direct substitution"| B["Shell Interprets Backticks/Vars"]
  A -->|"Now: env var + printf"| C["Safe File Storage"]
  B --> D["Potential Command Execution"]
  C --> E["Safe Processing"]


File Changes

1. .github/workflows/pr-close-issue.yml 🐞 Bug fix +4/-2

Use env var and printf for safe PR body handling

• Added PR_BODY environment variable to capture PR body safely
• Replaced echo with printf '%s' to prevent shell interpretation
• Updated comment to reflect environment variable approach

2. .github/workflows/pr-package.yml 🐞 Bug fix +4/-2

Use env var and printf for safe PR body handling

• Added PR_BODY environment variable to capture PR body safely
• Replaced echo with printf '%s' to prevent shell interpretation
• Updated comment to reflect environment variable approach


@qodo-code-review

qodo-code-review bot commented Mar 16, 2026

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)


Great, no issues found!

Qodo reviewed your code and found no material issues that require review


@github-actions (Contributor)

📦 Plugin has been packaged for this PR. You can download easy-api-2.4.3.212.0.zip from the GitHub Actions workflow run by clicking on the "Artifacts" dropdown.

@github-actions github-actions bot added the type: bug Something isn't working label Mar 16, 2026
@codecov

codecov bot commented Mar 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.006%. Comparing base (29838cf) to head (396f1a9).
⚠️ Report is 6 commits behind head on master.

Additional details and impacted files


@@               Coverage Diff               @@
##              master      #619       +/-   ##
===============================================
+ Coverage     53.908%   54.006%   +0.098%     
+ Complexity      2366      2350       -16     
===============================================
  Files            259       259               
  Lines          14699     13541     -1158     
  Branches        3248      3252        +4     
===============================================
- Hits            7924      7313      -611     
+ Misses          5331      4787      -544     
+ Partials        1444      1441        -3     
Flag      | Coverage Δ
unittests | 54.006% <ø> (+0.098%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 160 files with indirect coverage changes


Continue to review full report in Codecov by Sentry.

Legend
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 29838cf...396f1a9. Read the comment docs.


@tangcent tangcent merged commit 5b3cf94 into master Mar 17, 2026
15 checks passed
@tangcent tangcent deleted the fix/ci-workflow-shell-interpretation branch March 17, 2026 00:31
@github-actions github-actions bot mentioned this pull request Mar 17, 2026