Attempting to run the global-ci workflow from a tackle2-ui PR (https://github.com/konveyor/tackle2-ui/pull/1781), I encountered a pretty big issue. The PR description is blindly copied to a shell command. PR descriptions can contain a lot of markdown formatting. In this case, I initially had a typo with two backticks next to each other.
This is causing the workflow to crash: https://github.com/konveyor/tackle2-ui/actions/runs/8304215558/job/22729664960#step:2:21
Even after fixing the typo, any text inside a backtick pair, `which is useful formatting for a package name`, that text will run as a command.
Please update the workflow to at least quote escape the PR body text before parsing it.
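
The failure mode reported above, reproduced as an added example (not code from the konveyor workflow): it assumes the workflow pastes the PR body into the script text before the shell parses it, and contrasts that with passing the body as data through an environment variable. The sample PR body, the function names and `PR_BODY_ENV` are constructed for illustration.

```shell
#!/bin/sh
# Constructed PR description: markdown inline code is written with backticks.
PR_BODY='Update `printf EXECUTED` to fix the build'

# Unsafe pattern (assumed): the body becomes part of the script source, which is
# what happens when an expression such as ${{ github.event.pull_request.body }}
# is expanded inside a run: step. The shell then parses the backticks as
# command substitution.
run_unsafe() {
    script="BODY=\"$1\"; printf '%s' \"\$BODY\""
    sh -c "$script"
}

# Safer pattern: the body is handed over in an environment variable (an env:
# entry in a workflow step) and the script only references it, quoted.
# The shell never parses the body as code.
run_safe() {
    PR_BODY_ENV="$1" sh -c 'printf "%s" "$PR_BODY_ENV"'
}

# Stand-alone run: show what each variant ends up with.
printf 'unsafe: %s\n' "$(run_unsafe "$PR_BODY")"
printf 'safe:   %s\n' "$(run_safe "$PR_BODY")"
```

In the unsafe variant the text between the backticks is executed and replaced by its output; in the safe variant the description arrives byte for byte, backticks included.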