rusackas commented on code in PR #40556:
URL: https://github.com/apache/superset/pull/40556#discussion_r3328387123


##########
.github/workflows/ephemeral-env.yml:
##########
@@ -319,12 +321,16 @@ jobs:
           INPUT_ISSUE_NUMBER: ${{ github.event.inputs.issue_number || 
github.event.pull_request.number }}
       - name: Get network interface
         id: get-eni
+        env:
+          TASK_ARN: ${{ steps.list-tasks.outputs.task }}
         run: |
-          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ 
steps.list-tasks.outputs.task }} | jq '.tasks[0].attachments[0].details | 
map(select(.name=="networkInterfaceId"))[0].value')" >> $GITHUB_OUTPUT
+          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks 
"$TASK_ARN" | jq '.tasks[0].attachments[0].details | 
map(select(.name=="networkInterfaceId"))[0].value')" >> $GITHUB_OUTPUT
       - name: Get public IP
         id: get-ip
+        env:
+          ENI_ID: ${{ steps.get-eni.outputs.eni }}
         run: |
-          echo "ip=$(aws ec2 describe-network-interfaces 
--network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r 
'.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
+          echo "ip=$(aws ec2 describe-network-interfaces 
--network-interface-ids "$ENI_ID" | jq -r '.NetworkInterfaces | first | 
.Association.PublicIp')" >> $GITHUB_OUTPUT
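
Review bot: in the `get-eni` step, `jq` still runs without `-r`, so the `eni` output is a JSON string that includes its surrounding double quotes, and with this change those quotes now reach the AWS CLI. In the removed line the `${{ steps.get-eni.outputs.eni }}` text was pasted into the script, where the shell parsed the quotes away; in the added line `"$ENI_ID"` passes the value verbatim, so `--network-interface-ids` receives the ID wrapped in literal quote characters. Add `-r` to the `jq` call in `get-eni` (as the `get-ip` step already does) in the same change so that the env-var form keeps working. Separately, `>> $GITHUB_OUTPUT` is unquoted in both steps; `>> "$GITHUB_OUTPUT"` is the safer form.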

Review Comment:
   Good observation, but this is pre-existing behavior — the `jq` without `-r` 
was there before this PR and remains unchanged. This PR's scope is strictly 
template injection prevention (moving `${{ expr }}` out of shell scripts per 
zizmor findings). The JSON-quoting concern would be a valid separate fix, but 
it's outside this PR's scope.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

