[Tool] Fix Github Security Issue (backport #43437) (#43439)

Co-authored-by: andyziye <[email protected]>
StarRocks · Apr 1, 2024 · 979d7bc · 979d7bc
1 parent daac431
commit 979d7bc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/.github/workflows/ci-merged.yml b/.github/workflows/ci-merged.yml
@@ -190,9 +190,10 @@ jobs:
           contains(github.event.pull_request.title, '(backport #')
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_TITLE: ${{ github.event.pull_request.title }}
         run: |
           LABEL="${GITHUB_BASE_REF##*-}-merged"
-          ORI_PR=$(echo "${{ github.event.pull_request.title }}" | grep -oP '\(backport #\K\d+' | tail -n 1)
+          ORI_PR=$(echo "${PR_TITLE}" | grep -oP '\(backport #\K\d+' | tail -n 1)
           gh pr edit ${ORI_PR} -R ${GITHUB_REPOSITORY} --add-label "${LABEL}"
 
       - name: prepare version label

diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml
@@ -51,8 +51,9 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.number }}
           REPO: ${{ github.repository }}
+          PR_TITLE: ${{ github.event.pull_request.title }}
         run: |
-          ORI_PR=$(echo "${{ github.event.pull_request.title }}" | grep -oP '\(backport #\K\d+' | tail -n 1)
+          ORI_PR=$(echo "${PR_TITLE}" | grep -oP '\(backport #\K\d+' | tail -n 1)
           author=$(gh pr view ${ORI_PR} -R ${REPO} --json author -q '.author.login')
           if [[ ! "${author}" =~ "mergify" ]]; then
             gh pr edit ${PR_NUMBER} -R ${REPO} --add-assignee ${author} || true
@@ -82,7 +83,7 @@ jobs:
           gh pr view ${PR_NUMBER} -R ${REPO} --json body -q .body > body.txt
           ori_body=$(cat body.txt)
           
-          if [[ "${{ github.head_ref }}" == "mergify/bp/"* && "${BACKPORT_SOURCE_PR}" != "" ]]; then
+          if [[ "${GITHUB_HEAD_REF}" == "mergify/bp/"* && "${BACKPORT_SOURCE_PR}" != "" ]]; then
             gh pr view ${BACKPORT_SOURCE_PR} -R ${REPO} --json body -q .body > source_body.txt
             sed -ie '/Bugfix cherry-pick branch check/,$d' source_body.txt
             cat body.txt source_body.txt > tmp_body.txt
@@ -96,9 +97,10 @@ jobs:
 
       - name: check backport pr's title
         if: github.base_ref != 'main' && contains(toJson(github.event.pull_request.body), '[x] This is a backport pr')
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
         run: |
-          PR_TITLE=$(echo "${{ github.event.pull_request.title }}")
-          count=$(echo $PR_TITLE | grep -E '\(backport #[0-9]+)$' | wc -l)
+          count=$(echo "${PR_TITLE}" | grep -E '\(backport #[0-9]+)$' | wc -l)
           if [[ $count -le 0 ]]; then
             echo "::error::Backport PR title is not valid. It should end with '(backport #[0-9]+)'"
             exit 1