8000 Clearly document passing inputs to the `script` by joshmgross · Pull Request #603 · actions/github-script · GitHub
[go: up one dir, main page]
Skip to content

Clearly document passing inputs to the script #603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 14, 2025
Merged

Clearly document passing inputs to the script #603

merged 2 commits into from
May 14, 2025

Conversation

joshmgross
Copy link
Member

A lot of questions we get around SyntaxErrors are due to misusing Actions Expressions with the script - https://github.com/actions/github-script/issues?q=is:issue%20state:closed%20SyntaxError

This was documented in #126, but I believe it's worth clearly highlighting the security risks of using Actions expressions within the script and moving it up in the README as it's a common scenario.

@Copilot Copilot AI review requested due to automatic review settings May 13, 2025 15:01
@joshmgross joshmgross requested a review from a team as a code owner May 13, 2025 15:01
@joshmgross joshmgross temporarily deployed to debug-integration-test May 13, 2025 15:01 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link
github-actions bot commented May 13, 2025
edited
Loading

Hello from actions/github-script! (23886ca)

Copilot
Copilot AI reviewed May 13, 2025
View reviewed changes
Copy link
@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR clarifies how to safely pass inputs into the script step by using environment variables instead of inline Actions expressions, and highlights the security risks of script injection.

  • Adds a new Passing inputs to the script section with example usage
  • Removes the outdated Use env as input snippet further down in the README

@joshmgross joshmgross temporarily deployed to debug-integration-test May 13, 2025 15:05 — with GitHub Actions Inactive
@joshmgross joshmgross merged commit 5ee2b97 into main May 14, 2025
14 checks passed
@joshmgross joshmgross deleted the joshmgross/document-inputs branch May 14, 2025 14:27
@joshmgross joshmgross mentioned this pull request May 14, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@johnsudol johnsudol johnsudol approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joshmgross @johnsudol
0