fix(ci): properly escape PR title (#3318)

Within double quoted strings, bash tries to evaluate everything within backticks as a command. The GitHub security guide recommends to use an intermediary environment variable instead: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable See https://github.com/libp2p/rust-libp2p/actions/runs/3889880383/jobs/6638520274#step:3:11.
libp2p · Jan 17, 2023 · 29a7716 · 29a7716
1 parent 735945d
commit 29a7716
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -298,11 +298,12 @@ jobs:
           require_scope: false
 
       - name: Check PR title length
+        env:
+          TITLE: ${{ github.event.pull_request.title }}
         run: |
-          title="${{ github.event.pull_request.title }}"
-          title_length=${#title}
+          title_length=${#TITLE}
           if [ $title_length -gt 72 ]
           then
             echo "PR title is too long (greater than 72 characters)"
             exit 1
-          fi
+          fi