ci: Quote Bash and YAML variables in workflows

Kurt-von-Laven · Kurt-von-Laven · commit 00675d097f43 · 2022-05-11T06:00:55.000-04:00
Prevent strings that should be interpreted literally from being
interpreted as keywords, operators, etc. Also, consistently style GitHub
Actions expressions with spaces separating curly braces from variables.
diff --git a/.github/workflows/bumpversion.yaml b/.github/workflows/bumpversion.yaml
@@ -17,12 +17,12 @@ jobs:
       - name: Create bump and changelog
         uses: commitizen-tools/commitizen-action@master
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: "${{ secrets.GITHUB_TOKEN }}"
           changelog_increment_filename: body.md
       - name: Release
         uses: softprops/action-gh-release@v1
         with:
           body_path: "body.md"
-          tag_name: ${{ env.REVISION }}
+          tag_name: "${{ env.REVISION }}"
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/test_action.yml b/.github/workflows/test_action.yml
@@ -10,13 +10,13 @@ jobs:
     steps:
       - uses: actions/checkout@v2
         with:
-          ref: ${{github.event.pull_request.head.ref}}
-          repository: ${{github.event.pull_request.head.repo.full_name}}
+          ref: "${{ github.event.pull_request.head.ref }}"
+          repository: "${{ github.event.pull_request.head.repo.full_name }}"
           fetch-depth: 0  # ensures that tags are fetched, seems to be needed
       - name: Capture commit id
         id: capture
         run: |
-          COMMIT_ID=$(git rev-parse ${{ github.head_ref }})
+          COMMIT_ID="$(git rev-parse "${{ github.head_ref }}")"
           echo "The sha of the starting commit is $COMMIT_ID"
           echo "::set-output name=commit::$COMMIT_ID"
       - name: create test commit
@@ -29,27 +29,27 @@ jobs:
       - name: test action
         uses: ./
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: "${{ secrets.GITHUB_TOKEN }}"
           commit: false
           push: false
       - uses: actions/checkout@v2
         with:
-          ref: ${{github.event.pull_request.head.ref}}
-          repository: ${{github.event.pull_request.head.repo.full_name}}
+          ref: "${{ github.event.pull_request.head.ref }}"
+          repository: "${{ github.event.pull_request.head.repo.full_name }}"
           fetch-depth: 0  # ensures that tags are fetched, seems to be needed
           path: new_head
       - name: Test push
         run: |
           cd new_head
-          last_pushed_commit=$(git rev-parse ${{ github.head_ref }})
+          last_pushed_commit="$(git rev-parse "${{ github.head_ref }}")"
           echo "Commit sha on origin: $last_pushed_commit"
-          if [[ $last_pushed_commit != ${{steps.capture.outputs.commit}} ]]; then
+          if [[ $last_pushed_commit != ${{ steps.capture.outputs.commit }} ]]; then
             echo "Something got pushed to ${{ github.head_ref }}"
             exit 1
           fi
       - name: Test commit
         run: |
-          commit_message=$(git log -1 HEAD --pretty=format:%s)
+          commit_message="$(git log -1 HEAD --pretty=format:%s)"
           echo "Latest commit: $commit_message"
           if [[ $commit_message != "feat: test feature" ]]; then
             echo "The latest commit message is not 'feat: test feature'"
