This is an automated email from the ASF dual-hosted git repository. yihua pushed a commit to branch release-1.2.0 in repository https://gitbox.apache.org/repos/asf/hudi.git
commit 441561befd0c3a2b4a427b47114020e5b7e13079
Author: oryn <[email protected]>
AuthorDate: Tue May 19 00:35:19 2026 +0400
chore: Harden workflow against command injection in PR title validation (#18771)
Co-authored-by: Y Ethan Guo <[email protected]>
---
 .github/workflows/pr_title_validation.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr_title_validation.yml b/.github/workflows/pr_title_validation.yml
index 9305058af440..c9b2b1b277ec 100644
--- a/.github/workflows/pr_title_validation.yml
+++ b/.github/workflows/pr_title_validation.yml
@@ -17,8 +17,10 @@ jobs:
 steps:
 - name: Check for legacy PR title format using JIRA or MINOR
 id: check-legacy-format
+ env:
+ PR_TITLE: ${{ github.event.pull_request.title }}
 run: |
- title="${{ github.event.pull_request.title }}"
+ title="$PR_TITLE"
 echo "Checking PR title: $title"
 # Check for HUDI JIRA format: [HUDI-1234] description
@@ -65,4 +67,4 @@ jobs:
 ignore-semantic-pull-request
 validateSingleCommit: false
 headerPattern: '^(\w+)(?:\(([^)]+)\))?!?: (.+)$'
- headerPatternCorrespondence: type,scope,subject
\ No newline at end of file
+ headerPatternCorrespondence: type,scope,subject
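Review bot: The new `env:` block in the first hunk (step `check-legacy-format`) has no comment explaining why the title is routed through `PR_TITLE`, so a later tidy-up could re-inline `${{ github.event.pull_request.title }}` into `run:` and bring back the injection this commit removes. I would add `# Untrusted input: pass via env; ${{ }} inside run: is expanded before the shell parses the script` directly above `env:`. The `run:` script continues past the end of the hunk, so the JIRA/MINOR checks are not visible here. They presumably reuse `$title`, and they stay safe only while every expansion is double-quoted and the value is never written unescaped to `$GITHUB_OUTPUT` or `$GITHUB_ENV`. It is also worth confirming, outside this hunk, that the job declares a minimal `permissions:` block, since the trigger and token scope decide how much an unsafe title could reach.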
