[PATCH] D117745: issue-subscriber: Fix handling of labels with spaces
Tom Stellard via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Jan 20 07:12:03 PST 2022
tstellar marked an inline comment as done.
tstellar added inline comments.
================
Comment at: .github/workflows/issue-subscriber.yml:21-25
./github-automation.py \
--token ${{ secrets.ISSUE_SUBSCRIBER_TOKEN }} \
issue-subscriber \
--issue-number ${{ github.event.issue.number }} \
+ --label-name '${{ github.event.label.name }}'
----------------
Quuxplusone wrote:
> Quuxplusone wrote:
> > Consider single-quoting lines 22 and 24 as well, while you're at it. (Economist's $100 bill corollary: If this technique actually //works//, you'd expect everyone to be doing it.)
> The economist might be right in this case. Did you know it's legal to create a GitHub label containing `'`, e.g. `arthur's test`? Single-quotes-before-and-after is not the same thing as shell escaping. (Unless GitHub treats it the same because magic??)
>
> Perhaps all these command-line options should be env vars instead? I don't know what the right answer is (but I bet StackOverflow does).
>
> I'm pleased to report that https://github.com/llvm/llvm-project/runs/4876930402?check_suite_focus=true //does// helpfully blank out the secret API token with three asterisks `--token *** \` instead of showing it in plain text. That's nice. :)
I've fixed this by ignoring labels with apostrophes. I think it's easier to have a policy to not have apostrophes in label names than to add a lot of complex code just to handle them.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D117745/new/
https://reviews.llvm.org/D117745
More information about the llvm-commits
mailing list