Skip to content

issue-arborist: extract github.repository from shell script into step env#356

Merged
dsyme merged 2 commits into
mainfrom
copilot/issue-arborist-extract-github-repository
Jun 24, 2026
Merged

issue-arborist: extract github.repository from shell script into step env#356
dsyme merged 2 commits into
mainfrom
copilot/issue-arborist-extract-github-repository

Conversation

Copilot AI commented Jun 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

gh aw compile --strict was repeatedly warning on workflows/issue-arborist.md because ${{ github.repository }} was interpolated directly inside a run: shell command. This change applies the compiler’s own hardening pattern in source so compile output is stable and shell-safe.

  • Problem

    • Fetch issues data used expression interpolation inside run:, triggering shell-injection hardening warnings on every compile.

  • Change

    • Added a step-scoped env binding:
      • GH_AW_GITHUB_REPOSITORY: ${{ github.repository }}
    • Switched the gh issue list invocation to use quoted env expansion:
      • --repo "$GH_AW_GITHUB_REPOSITORY"

  • Result

    • Aligns source workflow with gh aw strict guidance (no ${{ }} interpolation inside shell script bodies).
    • Removes recurring auto-rewrite/warning behavior for this step.
- name: Fetch issues data
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    GH_AW_GITHUB_REPOSITORY: ${{ github.repository }}
  run: |
    gh issue list --repo "$GH_AW_GITHUB_REPOSITORY" \
      --search "-parent-issue:*" \
      --state open \
      ...

@dsyme
fix(issue-arborist): extract github.repository into env var
1ee70bb 
Co-authored-by: dsyme <7204669+dsyme@users.noreply.github.com>
Copilot AI changed the title [WIP] Extract github.repository to avoid shell injection warning issue-arborist: extract github.repository from shell script into step env Jun 24, 2026
Copilot finished work on behalf of dsyme June 24, 2026 18:49
Copilot AI requested a review from dsyme June 24, 2026 18:49
@dsyme dsyme marked this pull request as ready for review June 24, 2026 18:50
@dsyme dsyme merged commit 7f7f2aa into main Jun 24, 2026
1 check passed
@dsyme dsyme deleted the copilot/issue-arborist-extract-github-repository branch June 24, 2026 18:50
albertoblue87-netizen
albertoblue87-netizen reviewed Jun 25, 2026
View reviewed changes

@albertoblue87-netizen albertoblue87-netizen left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hecho

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dsyme dsyme Awaiting requested review from dsyme
1 more reviewer
@albertoblue87-netizen albertoblue87-netizen albertoblue87-netizen left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

@dsyme dsyme

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@albertoblue87-netizen @dsyme