lupyuen commented on code in PR #19075:
URL: https://github.com/apache/nuttx/pull/19075#discussion_r3385527502
##########
.github/workflows/build.yml:
##########
@@ -45,9 +45,12 @@ jobs:
- name: Determine Target Branches
id: gittargets
shell: bash
+ env:
+ PR_BODY: ${{ github.event.pull_request.body }}
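Review bot: The `PR_BODY` value added under `env:` in the "Determine Target Branches" step is free text written by the PR author, and nothing in this hunk shows how the step's script consumes it. Passing it through `env:` keeps it out of the script text, but the script still has to treat it as data: reference it only as quoted `"$PR_BODY"`, never feed it to `eval` or an unquoted expansion, and accept a dependency reference only when it matches a strict anchored pattern (fixed repository name, digits-only PR number) before it reaches any git or API call. A short comment beside the `env:` block stating that the value is untrusted would help future editors of this workflow.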
Review Comment:
@zhangning21 This GitHub Actions Design is very unusual for NuttX CI. If I
understand correctly:
1. We expect the PR Author to specify _inside the PR Body_ the dependency:
`depends-on: apache/nuttx/pull/88888888`
2. What if the PR Author edits the dependency in the PR Body? Will the
dependency be rechecked?
3. I'm concerned about parsing the Untrusted Input from the PR Body. Isn't a
PR Label a better way to provide the dependency? E.g.
`depends-on=nuttx/88888888`
4. Are there any other projects using this? I wonder if they are also OK
with parsing Untrusted Input from the PR Body.
5. @simbit18 @linguini1 @cederom Do we think it's a good idea to parse the
dependency from the PR Body? `depends-on: apache/nuttx/pull/88888888`
--
This is an automated message from the Apache Git Service.