From cb3b65d8eba2cbf63aecd098ac69313b409cd688 Mon Sep 17 00:00:00 2001 From: Tim Hadwen Date: Sun, 24 May 2026 11:55:42 +0000 Subject: [PATCH] Fix extract_version: inject commit msg via env (avoid backtick $() trap) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When github.event.head_commit.message contains shell metacharacters (backticks, $(…), etc.) the literal-interpolation form spliced the raw text into bash and triggered command substitution. Caught by the keeb pipeline on Gitea — a commit message with backticks crashed extract_version in 3 seconds and the whole fab graph cascade-skipped. Pattern matches the upload-bom env: COMMIT_MESSAGE indirection used further down the same file. Also routed github.sha the same way so the fallback branch doesn't accidentally re-introduce the same class of bug. Mirror this verbatim into hfsdesign/kicad-ci on Gitea after pushing. --- .gitea/workflows/kibot.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/kibot.yml b/.gitea/workflows/kibot.yml index 49656a7..c13f3b8 100644 --- a/.gitea/workflows/kibot.yml +++ b/.gitea/workflows/kibot.yml @@ -63,16 +63,24 @@ jobs: steps: - uses: actions/checkout@v4 - id: derive + env: + # Inject via env so commit-message / PR-title backticks or + # other shell metacharacters don't trigger command substitution + # when bash evaluates the script. Direct ${{ … }} interpolation + # into the run: body would splice the raw text into bash — + # backticks become $(…). Keep this env-var indirection. + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + PR_TITLE: ${{ github.event.pull_request.title }} + GIT_SHA: ${{ github.sha }} run: | # Dev branch: VERSION=dev. Main branch: parse VX.Y from commit # message (matches the GitLab-side rule). MR-to-main uses the # MR title's V-token, falling back to dev. if [ "${{ github.ref }}" = "refs/heads/main" ]; then - MSG="${{ github.event.head_commit.message }}" - VERSION=$(echo "$MSG" | grep -oE 'V[0-9]+(\.[0-9]+)*' | head -1 || true) - [ -z "$VERSION" ] && VERSION="${{ github.sha }}" && VERSION="${VERSION:0:8}" + VERSION=$(printf '%s' "$COMMIT_MESSAGE" | grep -oE 'V[0-9]+(\.[0-9]+)*' | head -1 || true) + [ -z "$VERSION" ] && VERSION="${GIT_SHA:0:8}" elif [ "${{ github.event_name }}" = "pull_request" ]; then - VERSION=$(echo "${{ github.event.pull_request.title }}" | grep -oE 'V[0-9]+(\.[0-9]+)*' | head -1 || true) + VERSION=$(printf '%s' "$PR_TITLE" | grep -oE 'V[0-9]+(\.[0-9]+)*' | head -1 || true) [ -z "$VERSION" ] && VERSION="dev" else VERSION="dev"