From f6b70a6e85722b0459b168af16a1b2d864b44012 Mon Sep 17 00:00:00 2001 From: Test User Date: Tue, 10 Jun 2025 11:57:49 +0800 Subject: [PATCH 1/4] Update doc_review.yml --- .github/workflows/doc_review.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/doc_review.yml b/.github/workflows/doc_review.yml index 79614b63b3d24..ec985caa7a316 100644 --- a/.github/workflows/doc_review.yml +++ b/.github/workflows/doc_review.yml @@ -20,16 +20,9 @@ jobs: ( github.event_name == 'issue_comment' && contains(github.event.comment.body, '/bot-review') && - contains('hfxsd,likidu,lilin90,Oreoxmt,qiancai', github.event.comment.user.login) + (github.event.comment.user.login == 'hfxsd' || github.event.comment.user.login == 'likidu' || github.event.comment.user.login == 'lilin90' || github.event.comment.user.login == 'Oreoxmt' || github.event.comment.user.login == 'qiancai') ) steps: - - name: Debug Info - run: | - echo "Event name: ${{ github.event_name }}" - echo "Event type: ${{ github.event.action }}" - echo "Comment body: ${{ github.event.comment.body || 'No comment body' }}" - echo "Comment author: ${{ github.event.comment.user.login || 'No user' }}" - - name: Checkout Repo uses: actions/checkout@v3 with: @@ -40,7 +33,6 @@ jobs: if: github.event_name == 'issue_comment' run: | COMMENT="${{ github.event.comment.body }}" - echo "Raw comment: $COMMENT" # Match commit range if [[ "$COMMENT" =~ \/bot-review:[[:space:]]*([a-f0-9]{7,40})[[:space:]]*\.\.[[:space:]]*([a-f0-9]{7,40}) ]]; then From 2bd0a33ee03b5bf82ca5a0f78e6530b75beedb68 Mon Sep 17 00:00:00 2001 From: Test User Date: Tue, 10 Jun 2025 12:06:38 +0800 Subject: [PATCH 2/4] improve security --- .github/workflows/doc_review.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/doc_review.yml b/.github/workflows/doc_review.yml index ec985caa7a316..35c78f722a6fe 100644 --- a/.github/workflows/doc_review.yml 
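Review bot: The allowlist in the job-level `if:` is now five `==` comparisons chained on one long line, which is hard to review when a maintainer is added or removed. `contains(fromJSON('["hfxsd","likidu","lilin90","Oreoxmt","qiancai"]'), github.event.comment.user.login)` keeps exact matching, because it tests array membership rather than searching a comma-joined string, and it stays short. A comment above the condition, such as `# Only these logins may trigger a review from a comment; the comment body is parsed by a later step`, would make the trust boundary explicit. The `if:` expression starts outside this hunk.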
+++ b/.github/workflows/doc_review.yml @@ -31,24 +31,24 @@ jobs: - name: Extract review parameters id: extract if: github.event_name == 'issue_comment' + env: + COMMENT_BODY: ${{ github.event.comment.body }} run: | - COMMENT="${{ github.event.comment.body }}" - # Match commit range - if [[ "$COMMENT" =~ \/bot-review:[[:space:]]*([a-f0-9]{7,40})[[:space:]]*\.\.[[:space:]]*([a-f0-9]{7,40}) ]]; then + if [[ "$COMMENT_BODY" =~ \/bot-review:[[:space:]]*([a-f0-9]{7,40})[[:space:]]*\.\.[[:space:]]*([a-f0-9]{7,40}) ]]; then echo "BASE_SHA=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT echo "HEAD_SHA=${BASH_REMATCH[2]}" >> $GITHUB_OUTPUT echo "REVIEW_MODE=commit_range" >> $GITHUB_OUTPUT - echo "Detected commit range with regex: ${BASH_REMATCH[1]}..${BASH_REMATCH[2]}" + printf "Detected commit range with regex: %s..%s\\n" "${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}" # Match a single commit - elif [[ "$COMMENT" =~ \/bot-review:[[:space:]]+([a-f0-9]{7,40}) ]]; then + elif [[ "$COMMENT_BODY" =~ \/bot-review:[[:space:]]+([a-f0-9]{7,40}) ]]; then echo "COMMIT_SHA=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT echo "REVIEW_MODE=single_commit" >> $GITHUB_OUTPUT - echo "Detected single commit: ${BASH_REMATCH[1]}" + printf "Detected single commit: %s\\n" "${BASH_REMATCH[1]}" # Match "/bot-review" or "/bot-review " - elif [[ "$COMMENT" =~ ^\/bot-review[[:space:]]*$ ]]; then + elif [[ "$COMMENT_BODY" =~ ^\/bot-review[[:space:]]*$ ]]; then echo "REVIEW_MODE=latest" >> $GITHUB_OUTPUT echo "Detected default review mode" From 1b52df9cf86a64839ad1bd73a3de51afe0111e7d Mon Sep 17 00:00:00 2001 From: Test User Date: Tue, 10 Jun 2025 12:17:25 +0800 Subject: [PATCH 3/4] Update doc_review.yml --- .github/workflows/doc_review.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/doc_review.yml b/.github/workflows/doc_review.yml index 35c78f722a6fe..fe7c7998f955b 100644 --- a/.github/workflows/doc_review.yml +++ b/.github/workflows/doc_review.yml 
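Review bot: The first two patterns are unanchored, so `/bot-review: <sha>` is accepted anywhere in `COMMENT_BODY`, including inside text quoted from an earlier comment, while the third branch requires the whole body to be the command. If the command is meant to stand alone, the `if` and first `elif` should start with `^` like the last branch; otherwise a comment should say the looser match is intended. The only thing keeping the values written to `$GITHUB_OUTPUT` free of newlines or extra `key=value` pairs is the `[a-f0-9]{7,40}` capture, which deserves a note such as `# captures are hex-only, safe to write to GITHUB_OUTPUT`. The `if`/`elif` chain continues past the end of the hunk.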
@@ -31,24 +31,22 @@ jobs: - name: Extract review parameters id: extract if: github.event_name == 'issue_comment' - env: - COMMENT_BODY: ${{ github.event.comment.body }} run: | # Match commit range - if [[ "$COMMENT_BODY" =~ \/bot-review:[[:space:]]*([a-f0-9]{7,40})[[:space:]]*\.\.[[:space:]]*([a-f0-9]{7,40}) ]]; then + if [[ "$COMMENT" =~ \/bot-review:[[:space:]]*([a-f0-9]{7,40})[[:space:]]*\.\.[[:space:]]*([a-f0-9]{7,40}) ]]; then echo "BASE_SHA=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT echo "HEAD_SHA=${BASH_REMATCH[2]}" >> $GITHUB_OUTPUT echo "REVIEW_MODE=commit_range" >> $GITHUB_OUTPUT printf "Detected commit range with regex: %s..%s\\n" "${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}" # Match a single commit - elif [[ "$COMMENT_BODY" =~ \/bot-review:[[:space:]]+([a-f0-9]{7,40}) ]]; then + elif [[ "$COMMENT" =~ \/bot-review:[[:space:]]+([a-f0-9]{7,40}) ]]; then echo "COMMIT_SHA=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT echo "REVIEW_MODE=single_commit" >> $GITHUB_OUTPUT printf "Detected single commit: %s\\n" "${BASH_REMATCH[1]}" # Match "/bot-review" or "/bot-review " - elif [[ "$COMMENT_BODY" =~ ^\/bot-review[[:space:]]*$ ]]; then + elif [[ "$COMMENT" =~ ^\/bot-review[[:space:]]*$ ]]; then echo "REVIEW_MODE=latest" >> $GITHUB_OUTPUT echo "Detected default review mode" From 53c3f0eb5282e2d128e3d8d2bb252061669d0043 Mon Sep 17 00:00:00 2001 From: Test User Date: Tue, 10 Jun 2025 13:30:51 +0800 Subject: [PATCH 4/4] Update doc_review.yml --- .github/workflows/doc_review.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/doc_review.yml b/.github/workflows/doc_review.yml index fe7c7998f955b..6c08c644214bb 100644 --- a/.github/workflows/doc_review.yml +++ b/.github/workflows/doc_review.yml 
@@ -32,6 +32,8 @@ jobs: id: extract if: github.event_name == 'issue_comment' run: | + COMMENT="${{ github.event.comment.body }}" + # Match commit range if [[ "$COMMENT" =~ \/bot-review:[[:space:]]*([a-f0-9]{7,40})[[:space:]]*\.\.[[:space:]]*([a-f0-9]{7,40}) ]]; then echo "BASE_SHA=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT
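Review bot: The added `COMMENT="${{ github.event.comment.body }}"` is expanded by the Actions expression engine before bash runs, so the comment text becomes part of the script source rather than data. This is the script-injection pattern GitHub's workflow hardening guidance warns about. The login allowlist in the job `if:` narrows who can reach this step, but it then becomes the only control. Pass the value through the environment instead: add `env:` with `COMMENT: ${{ github.event.comment.body }}` on the step and delete the assignment line, leaving the `[[ "$COMMENT" =~ … ]]` tests as they are. The `run:` script continues outside the hunk.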