DISCLAIMER: the Run terminal command GitHub Action allows for arbitrary code execution by any user allowed to comment on your issues or pull requests. You should probably never use this except to explore what GitHub Actions could do.
To avoid security issues, replace the use of the Run terminal command GitHub Action with something that validates input or with something that always runs the same command.
My Workflow
This workflow allows you to run any command and commit the changes back into a pull request. For example, you can run /terminal npm version patch --no-git-tag-version to bump the patch version of your Node package.
This workflow:
- Only runs on new pull request comments and only if the comment starts with /terminal
- Acknowledges comments that start with /terminal by reacting with a +1
- Determines what pull request the comment came from and gets the corresponding branch name
- Checks out the code at that branch
- Runs the command, commits the changes, and pushes it back to the branch
Submission Category:
Maintainer Must-Haves
Yaml File or Link to Code
on:
  issue_comment:
    types: [created]

jobs:
  run-and-update:
    # Pull request comments only, and only those that start with "/terminal "
    if: contains(github.event.comment.html_url, '/pull/') && startsWith( github.event.comment.body, '/terminal ' )
    runs-on: ubuntu-latest
    steps:
      - name: Acknowledge command
        uses: actions/github-script@v3
        with:
          script: |
            github.reactions.createForIssueComment({
              comment_id: context.payload.comment.id,
              owner: context.repo.owner,
              repo: context.repo.repo,
              content: '+1',
            });
      - id: get-ref
        name: Get branch name
        uses: actions/github-script@v3
        with:
          result-encoding: string
          script: |
            const response = await github.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.payload.issue.number
            });
            return response.data.head.ref;
      - uses: actions/checkout@v2
        with:
          ref: ${{ steps.get-ref.outputs.result }}
      - uses: actions/setup-node@v1
        with:
          node-version: '12'
      # Runs the command taken from the comment (see the disclaimer above)
      - id: terminal
        uses: neverendingqs/gh-action-terminal@main
      # The command text reaches the commit message through an environment variable
      - run: |
          git config user.name github-actions[bot]
          git config user.email 41898282+github-actions[bot]@users.noreply.github.com
          git commit -am "chore: update after '${COMMAND}'."
          git push
        env:
          COMMAND: ${{ steps.terminal.outputs.command }}
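
The disclaimer recommends replacing the Run terminal command action with something that validates input. One way to do that, as an added example (not code from this workflow or from gh-action-terminal): the comment only selects an entry from a fixed allow-list, and only trusted authors may select one. The allow-list entries, the trusted set and the function names are assumptions; `author_association` is the field GitHub includes on the comment in the `issue_comment` payload.

```javascript
// Added example, not the original workflow's code. The allow-list entries,
// the trusted-association set and the function names are assumptions.

// author_association values (from the issue_comment payload) allowed to trigger a run.
const TRUSTED_ASSOCIATIONS = new Set(['OWNER', 'MEMBER', 'COLLABORATOR']);

// Exact command text -> fixed argv. The comment only selects an entry;
// it never supplies the program name, flags or shell syntax.
const ALLOWED_COMMANDS = new Map(
  ['patch', 'minor', 'major'].map((level) => [
    `npm version ${level} --no-git-tag-version`,
    ['npm', 'version', level, '--no-git-tag-version'],
  ])
);

const PREFIX = '/terminal ';

function resolveCommand(body, authorAssociation) {
  if (!TRUSTED_ASSOCIATIONS.has(authorAssociation)) {
    return { ok: false, reason: 'untrusted author' };
  }
  if (typeof body !== 'string' || !body.startsWith(PREFIX)) {
    return { ok: false, reason: 'not a /terminal comment' };
  }
  // Collapse spaces and tabs only: an embedded newline stays in the string,
  // so a multi-line comment can never equal an allow-list key.
  const request = body.slice(PREFIX.length).trim().replace(/[ \t]+/g, ' ');
  const argv = ALLOWED_COMMANDS.get(request);
  if (!argv) {
    return { ok: false, reason: 'command not on allow-list' };
  }
  // Run with child_process.execFile(argv[0], argv.slice(1)): no shell is involved.
  return { ok: true, argv: [...argv] };
}

// Constructed sample comments: [body, author_association].
const SAMPLES = [
  ['/terminal npm version patch --no-git-tag-version', 'MEMBER'],
  ['/terminal  npm version   minor --no-git-tag-version ', 'OWNER'],
  ['/terminal npm version patch --no-git-tag-version', 'NONE'],
  ['/terminal npm version patch --no-git-tag-version && env', 'COLLABORATOR'],
  ['/terminal npm version patch --no-git-tag-version\nenv', 'COLLABORATOR'],
];

function demo() {
  return SAMPLES.map(([body, assoc]) => resolveCommand(body, assoc));
}

console.log(demo());
```

Inside an actions/github-script step, the inputs would be `context.payload.comment.body` and `context.payload.comment.author_association`.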