This is an automated email from the ASF dual-hosted git repository.

yihua pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hudi.git


The following commit(s) were added to refs/heads/master by this push:
     new 0983c0ddd56a chore: Harden workflow against command injection in PR 
title validation (#18771)
0983c0ddd56a is described below

commit 0983c0ddd56aa9fde8a6a922e2e552c2fb53893a
Author: oryn <[email protected]>
AuthorDate: Tue May 19 00:35:19 2026 +0400

    chore: Harden workflow against command injection in PR title validation 
(#18771)
    
    Co-authored-by: Y Ethan Guo <[email protected]>
---
 .github/workflows/pr_title_validation.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_title_validation.yml 
b/.github/workflows/pr_title_validation.yml
index 9305058af440..c9b2b1b277ec 100644
--- a/.github/workflows/pr_title_validation.yml
+++ b/.github/workflows/pr_title_validation.yml
@@ -17,8 +17,10 @@ jobs:
     steps:
       - name: Check for legacy PR title format using JIRA or MINOR
         id: check-legacy-format
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
         run: |
-          title="${{ github.event.pull_request.title }}"
+          title="$PR_TITLE"
           echo "Checking PR title: $title"
           
           # Check for HUDI JIRA format: [HUDI-1234] description
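Review bot: The new `env:` block on the `check-legacy-format` step has no comment explaining why the title goes through `PR_TITLE`, so a later edit could put `${{ github.event.pull_request.title }}` back inside `run:` without the regression being obvious. I would add `# Untrusted input: pass the PR title via env so it is treated as data, never expanded into the script text` directly above `env:`. The `run:` body continues past the end of this hunk, so it is worth confirming that no other `${{ github.event.* }}` expression remains in the script. It is also worth confirming that every later use of `$title` stays double-quoted, as it is in the visible `echo`.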
@@ -65,4 +67,4 @@ jobs:
             ignore-semantic-pull-request
           validateSingleCommit: false
           headerPattern: '^(\w+)(?:\(([^)]+)\))?!?: (.+)$'
-          headerPatternCorrespondence: type,scope,subject
\ No newline at end of file
+          headerPatternCorrespondence: type,scope,subject
