references/lobe-chat
1
0
Fork 0
mirror of https://github.com/lobehub/lobe-chat.git synced 2026-06-13 19:20:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

🐛 fix(workflow): prevent shell injection in auto-tag release (#13319)

Browse Source
This commit is contained in:
Innei
2026-03-27 01:18:35 +08:00
committed by GitHub
parent 14b278fba8
commit 46602be0b3
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/auto-tag-release.yml
+5 -3
View File
@@ -26,8 +26,9 @@ jobs:
- name: Detect release PR (version from title)
id: release
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
PR_TITLE="${{ github.event.pull_request.title }}"
echo "PR Title: $PR_TITLE"
# Match "🚀 release: v{x.x.x}" format (strict semver: x.y.z with optional -prerelease or +build)
@@ -44,9 +45,10 @@ jobs:
- name: Detect patch PR (branch first, title fallback)
id: patch
if: steps.release.outputs.should_tag != 'true'
env:
HEAD_REF: ${{ github.event.pull_request.head.ref }}
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
HEAD_REF="${{ github.event.pull_request.head.ref }}"
PR_TITLE="${{ github.event.pull_request.title }}"
echo "Head ref: $HEAD_REF"
echo "PR Title: $PR_TITLE"