[skip changelog] Quote all variables in GitHub Actions workflow shell commands #1302

Merged
merged 1 commit into from
May 31, 2021
Contributor

@per1234 per1234 commented May 30, 2021

Please check if the PR fulfills these requirements

  • The PR has no duplicates (please search among the Pull Requests before creating one)
  • The PR follows our contributing guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • UPGRADING.md has been updated with a migration guide (for breaking changes)
  • What kind of change does this PR introduce?

Bug fix

  • What is the current behavior?

Unquoted variables in shell commands can result in very confusing bugs caused by unexpected interpretation of characters
in the variable contents by the shell, such as globbing and word splitting.

The immediate motivation for this change is that the unquoted certificate password for the macOS notarization guaranteed someone a headache when the password wasn't so well behaved as the author of the previously fragile command had assumed:

security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)

  • What is the new behavior?

All variables used in shell commands of the GitHub Actions workflows are quoted.

No breaky.

  • Other information:

I verified the changes by running the release workflows using my macOS certificate:

… commands

Unquoted variables in shell commands can result in very confusing bugs caused by unexpected interpretation of characters
in the variable contents by the shell, such as globbing and word splitting.

The immediate motivation for this change is that the unquoted certificate password for the macOS notarization guaranteed
someone a headache when the password wasn't so well behaved as the author of the previously fragile command had
assumed:

security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)

@per1234 per1234 added the type: bug and topic: infrastructure labels May 30, 2021
@per1234 per1234 requested review from silvanocerza, umbynos and rsora May 30, 2021 11:38
@per1234 per1234 merged commit c65c2b2 into arduino:master May 31, 2021
@per1234 per1234 deleted the quote-workflow-vars branch May 31, 2021 08:27
@per1234 per1234 self-assigned this Nov 23, 2021
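
The word splitting and globbing described in this PR can be reproduced without a keychain. The following is an added example, not code from the PR or from the project's workflows: `show_argv`, the `--password` option and the value of `CERT_PASSWORD` are constructed stand-ins for the real command and secret, which the page does not show.

```shell
#!/bin/sh
# Stand-in for the command that receives the password (hypothetical helper):
# it only reports its argument vector instead of importing a certificate.
show_argv() {
    printf '%d:' "$#"
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
}

# Constructed sample secret containing a space and a glob character.
CERT_PASSWORD='pa ss*'

# demo quoted|unquoted
# Runs the stand-in command in a scratch directory holding two files that the
# "ss*" fragment of the password happens to match.
demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > ssh_key
        : > ssl.pem
        if [ "$mode" = quoted ]; then
            # Hardened form: the password arrives as exactly one argument.
            show_argv --password "$CERT_PASSWORD"
        else
            # Fragile form: the shell splits on the space, then expands "ss*"
            # against the working directory before the command ever runs.
            # shellcheck disable=SC2086
            show_argv --password $CERT_PASSWORD
        fi
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo unquoted   # 4:[--password][pa][ssh_key][ssl.pem]
demo quoted     # 2:[--password][pa ss*]
```

In the unquoted case the command sees `pa` as the password and file names as extra arguments, which is how a correct secret can surface as a "wrong password?" error. Running `shellcheck` over workflow scripts flags this pattern as SC2086.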