Skip to content

fix: avoid shell interpretation of PR body in CI workflows#1280

Merged
tangcent merged 1 commit intomasterfrom
fix/ci-pr-body-shell-escaping
Mar 14, 2026
Merged

fix: avoid shell interpretation of PR body in CI workflows#1280
tangcent merged 1 commit intomasterfrom
fix/ci-pr-body-shell-escaping

Conversation

@tangcent
Copy link
Copy Markdown
Owner

@tangcent tangcent commented Mar 14, 2026

Summary

Fix CI workflow failures caused by special characters (backticks, single quotes, etc.) in PR body text being interpreted as shell commands.

Problem

Both pr-package.yml and pr-close-issue.yml used direct GitHub Actions template substitution inside shell scripts:

echo '${{ github.event.pull_request.body }}'

This causes the PR body content to be injected directly into the shell script, where backticks are interpreted as command substitution and single quotes break quoting. This led to CI failures like:

NoSuchClassError: command not found
syntax error: unexpected end of file

Fix

Pass the PR body as an environment variable and use printf to write it safely:

env:
  PR_BODY: ${{ github.event.pull_request.body }}
run: |
  printf '%s' "$PR_BODY" > pr_body.txt

This avoids any shell interpretation of the PR body content.

@tangcent
fix: avoid shell interpretation of PR body in CI workflows
bacc5df 
Use environment variables and printf instead of direct template
substitution to prevent backticks and special characters in PR
body from being interpreted as shell commands.
@github-actions github-actions bot added the type: bug Something isn't working label Mar 14, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 14, 2026

📦 Plugin has been packaged for this PR. You can download easy-yapi-2.8.4.212.0.zip from the GitHub Actions workflow run by clicking on the "Artifacts" dropdown.

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 14, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.681%. Comparing base (640e35f) to head (bacc5df).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##              master     #1280   +/-   ##
===========================================
  Coverage     54.681%   54.681%           
  Complexity      2748      2748           
===========================================
  Files            289       289           
  Lines          15329     15329           
  Branches        3714      3714           
===========================================
  Hits            8382      8382           
  Misses          5245      5245           
  Partials        1702      1702
Flag Coverage Δ
unittests 54.681% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 640e35f...bacc5df. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@tangcent tangcent merged commit df083df into master Mar 14, 2026
24 of 25 checks passed
@tangcent tangcent deleted the fix/ci-pr-body-shell-escaping branch March 14, 2026 12:33
This was referenced Mar 15, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type: bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tangcent