From 35abda313ca657e5e2fa004be79a2b999791ca2d Mon Sep 17 00:00:00 2001
From: Joe Milazzo
Date: Tue, 3 Mar 2026 14:40:28 -0600
Subject: [PATCH] More PR Comments
---
 .github/workflows/canary-workflow.yml | 5 ----
 .github/workflows/pr-check.yml | 40 ++++++++++++--------------
 .github/workflows/release-workflow.yml | 14 +++++++--
 3 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/.github/workflows/canary-workflow.yml b/.github/workflows/canary-workflow.yml
index 3751f0801..7a045160c 100644
--- a/.github/workflows/canary-workflow.yml
+++ b/.github/workflows/canary-workflow.yml
@@ -15,11 +15,6 @@ jobs: with: fetch-depth: 1 - - uses: actions/upload-artifact@v4 - with: - name: csproj - path: Kavita.Common/Kavita.Common.csproj - - name: Setup .NET Core uses: actions/setup-dotnet@v4 with:
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 8c92d1fc5..736181900 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -1,27 +1,23 @@ name: Validate PR Body on: - pull_request: - branches: [ main, develop, canary ] - types: [opened, synchronize, edited] + pull_request: + branches: [ main, develop, canary ] + types: [opened, synchronize, edited] jobs: - check_pr: - runs-on: ubuntu-24.04 - steps: - - name: Check PR Body - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const { data: pr } = await github.rest.pulls.get({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number - }); - const body = pr.body || ''; - if (/["`]/.test(body)) { - core.setFailed( - 'PR body must not contain double-quotes or backticks.' - ); - } + check_pr: + runs-on: ubuntu-24.04 + steps: + - name: Check PR Body + uses: actions/github-script@v7 + with: + script: | + const checkBody = (bodyText) => { + if (/["`]/.test(bodyText)) { + core.setFailed('PR body must not contain double-quotes or backticks.'); + } + }; + + const body = context.payload.pull_request?.body || ''; + checkBody(body);
diff --git a/.github/workflows/release-workflow.yml b/.github/workflows/release-workflow.yml
index 3eb808f0a..78f283a1a 100644
--- a/.github/workflows/release-workflow.yml
+++ b/.github/workflows/release-workflow.yml
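Review bot: The `check_pr` job still declares no `permissions:` block, and after this change the step makes no REST API call at all — the `pulls.get` call and the explicit `github-token` input are gone and only `context.payload.pull_request?.body` is read — so the job can be pinned to `permissions: {}` under `check_pr:` to keep the default `GITHUB_TOKEN` at least privilege; if a later revision reinstates an API call, widen it to `pull-requests: read` there. The rejection rule is undocumented in the hunk: a comment above `const checkBody` such as `// Double-quotes and backticks are rejected because the PR body is reused downstream (see release-workflow.yml); keep the two workflows in sync` would give the reason, assuming that is indeed why — the consumer is not visible here, so confirm before wording it that way. Minor style: `branches: [ main, develop, canary ]` pads the brackets while `types: [opened, synchronize, edited]` does not; pick one flow-style spacing for the file.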
@@ -25,13 +25,21 @@ jobs: id: get-notes env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # 1. Map the input to an environment variable safely + PR_NUMBER_INPUT: ${{ inputs.pr_number }} run: | if [[ "${{ github.event_name }}" == "pull_request" ]]; then # Securely extract the PR body without shell interpolation RAW_BODY=$(jq -r '.pull_request.body // empty' "$GITHUB_EVENT_PATH") - elif [[ -n "${{ inputs.pr_number }}" ]]; then - # Fetch via GitHub CLI if manually triggered - RAW_BODY=$(gh pr view ${{ inputs.pr_number }} --repo ${{ github.repository }} --json body --jq '.body') + elif [[ -n "$PR_NUMBER_INPUT" ]]; then + # 2. Validate that the input is strictly numeric + if ! [[ "$PR_NUMBER_INPUT" =~ ^[0-9]+$ ]]; then + echo "Error: pr_number input must be purely numeric." + exit 1 + fi + + # 3. Fetch via GitHub CLI using the validated and quoted variable + RAW_BODY=$(gh pr view "$PR_NUMBER_INPUT" --repo "${{ github.repository }}" --json body --jq '.body') else RAW_BODY="Read full changelog: https://github.com/Kareadita/Kavita/releases/latest" fi
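Review bot: `${{ github.event_name }}` on the `if [[ ... ]]` line and `${{ github.repository }}` on the `gh pr view` line are still spliced into the script text, while the same hunk moves `inputs.pr_number` into the `PR_NUMBER_INPUT` env var precisely to stop doing that; both values are set by GitHub rather than by a PR author, so this is a consistency point rather than an injection risk, but the runner already exports them as default environment variables, so `if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then` and `RAW_BODY=$(gh pr view "$PR_NUMBER_INPUT" --repo "$GITHUB_REPOSITORY" --json body --jq '.body')` would leave the step with no expression interpolation at all. The validation failure message should go to stderr: `echo "Error: pr_number input must be purely numeric." >&2`. The numbered `# 1.`/`# 2.`/`# 3.` comments read as review annotations rather than code comments; plain descriptive comments age better once the lines move. The step's `run:` block continues past the end of the hunk, so where `RAW_BODY` is consumed is outside this view.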