author Austin S. Hemmelgarn <austin@netdata.cloud> 2022-08-31 14:23:59 -0400
committer GitHub <noreply@github.com> 2022-08-31 14:23:59 -0400
commit 0d4ff34e1a7a495d5a81355ade436af5a34b8724 (patch)
tree 900a38a2c027816bd36de43233c37873596db1a2 /.github
parent a544d51915fbe69ff56b8485ea43ced1669ffab6 (diff)
Temporary fix for command injection vulnerability in GHA workflow. (#13600)
Long term fix will require writing our own action to scan the PR body, because of environment variable size limits.
Diffstat (limited to '.github')
-rw-r--r-- .github/workflows/packaging.yml 5
1 files changed, 4 insertions, 1 deletions
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index ec4e42c002..b39d960bf7 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -41,13 +41,16 @@ jobs:
- name: Read build matrix
id: set-matrix
shell: python3 {0}
+ env:
+ PR_BODY: "${{ github.event.pull_request.body }}"
run: |
from ruamel.yaml import YAML
import json
import re
+ import os
FULL_CI_REGEX = '/actions run full ci'
ALWAYS_RUN_ARCHES = ["amd64", "x86_64"]
- PR_BODY = """${{ github.event.pull_request.body }}"""
+ PR_BODY = os.environ['PR_BODY']
yaml = YAML(typ='safe')
entries = list()
run_limited = False
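Review bot: The new `env:` block and the `PR_BODY = os.environ['PR_BODY']` line carry no comment explaining why the PR body must not be interpolated into the script text, so a later cleanup could reintroduce the removed `PR_BODY = """${{ github.event.pull_request.body }}"""` form. Suggest a short comment above `env:` stating that the body is untrusted text written by the PR author and must reach Python only through the environment, and noting the environment variable size limit that the commit message mentions, since an oversized PR body is the known failure case of this temporary fix. Reading the value with `os.environ.get('PR_BODY', '')` would also keep the step from raising KeyError if the variable is ever absent.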