fix: prevent potential dos backtrack issue due to trailing regex #107
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| pull_request: | |
| types: [closed] | |
| branches: | |
| - main | |
| jobs: | |
| tag-and-release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # To publish tags and to publish GitHub release | |
| if: | | |
| startsWith(github.event.pull_request.title, 'chore(release):') && | |
| contains(github.event.pull_request.body, '<!-- RELEASE-NOTES-MARKER-START -->') && | |
| github.event.pull_request.user.login == 'release-preview[bot]' && | |
| github.event.pull_request.merged == true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Get all history | |
| fetch-tags: true | |
| - name: Extract version from PR body | |
| id: extract-version | |
| uses: actions/github-script@v7 | |
| with: | |
| result-encoding: string | |
| script: | | |
| const body = context.payload.pull_request.body; | |
| const versionMatch = body.match(/<!-- RELEASE-NOTES-VERSION: ([0-9]+\.[0-9]+\.[0-9]+) -->/); | |
| if (versionMatch) { | |
| return versionMatch[1]; | |
| } | |
| throw new Error('Version not found in PR body'); | |
| - name: Extract release notes from PR body | |
| id: extract-release-notes | |
| uses: actions/github-script@v7 | |
| with: | |
| result-encoding: string | |
| script: | | |
| const body = context.payload.pull_request.body; | |
| const startMarker = '<!-- RELEASE-NOTES-MARKER-START -->'; | |
| const startIndex = body.indexOf(startMarker); | |
| if (startIndex === -1) { | |
| throw new Error('Release notes start marker not found in PR body'); | |
| } | |
| // Start from right after the marker | |
| const releaseNotes = body.substring(startIndex + startMarker.length).trim(); | |
| console.log('Extracted release notes:'); | |
| console.log(releaseNotes); | |
| return releaseNotes; | |
| - name: Create and push tag | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git tag "v${{ steps.extract-version.outputs.result }}" | |
| git push origin v${{ steps.extract-version.outputs.result }} | |
| - name: Create GitHub Release via API | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const owner = context.repo.owner; | |
| const repo = context.repo.repo; | |
| const tag = `v${{ steps.extract-version.outputs.result }}`; | |
| const releaseName = tag; | |
| const body = ${{ toJSON(steps.extract-release-notes.outputs.result) }}; | |
| const release = await github.rest.repos.createRelease({ | |
| owner, | |
| repo, | |
| tag_name: tag, | |
| name: releaseName, | |
| body, | |
| draft: false, | |
| prerelease: false, | |
| target_commitish: 'main' | |
| }); | |
| console.log(`Created release: ${release.data.html_url}`); |