Comments (3)
dlavrenuek
commented on July 17, 2024
1
Hi @RodionKorneev, thank you for reporting the issue. I have tested the output from the code as well as from the action and the generated changelog is not truncated, it seems that this behavior is caused when you consume the changelog. If you are using the changelog with f.e. a request action, you should wrap the changelog prior to consuming it. For me using ${{ toJSON(format('{0}', steps.changelog.outputs.body)) }} has worked out pretty well
- name: Generate changelog
uses: ./
id: changelog
with:
from: "..."
to: "..."
- name: Create a release
uses: octokit/[email protected]
with:
route: POST /repos/${{ github.repository }}/releases
draft: true
name: ${{ steps.next-tag.outputs.tag }}
tag_name: ${{ steps.next-tag.outputs.tag }}
target_commitish: ${{ steps.set-commitish.outputs.commitish }}
body: ${{ toJSON(format('{0}', steps.changelog.outputs.body)) }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
from conventional-changelog-action.
RodionKorneev
commented on July 17, 2024
Thank you for reply @dlavrenuek. You are rigth - the problem is on consumer side.
My consumers code seems like:
- name: Create a release
run: gh release create "${{ steps.next-tag.outputs.tag }}" -p -n "${{ steps.changelog.outputs.body }}"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}The problem was in command sintax. Back-quoted text in last argument runs as command.
I solved it by replacing double quotes with single quotes like that:
run: gh release create "${{ steps.next-tag.outputs.tag }}" -p -n '${{ steps.changelog.outputs.body }}'So, now it works as expected =)
from conventional-changelog-action.
dlavrenuek
commented on July 17, 2024
@RodionKorneev the git commit history is considered user input and you should never directly use user input in your commands. Imagine someone would write a commit message with f.e.
chore: fix bug' rm -rf; //
Without any filtering/encoding this string will be directly injected in your command. you should work around it by using env: to pass your input as env variables, but please also consider that you have to encode it there so it is not interpretated as yaml content. Something like that should work (but no warranty):
- name: Create a release
run: gh release create "${{ steps.next-tag.outputs.tag }}" -p -n $BODY
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BODY: ${{ toJSON(format('{0}', steps.changelog.outputs.body)) }}from conventional-changelog-action.
Related Issues (2)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from conventional-changelog-action.