Actions workflow definition with unclosed string is still executed #10380

New Issue

GiteaMirror · 2025-11-02T09:05:45-06:00

GiteaMirror commented

2025-11-02 09:05:45 -06:00

Originally created by @ChristianSch on GitHub (Mar 3, 2023).

Description

Related to https://github.com/go-gitea/gitea/issues/23275

Given the following workflow file:

name: Gitea Actions Demo
run-name: ${{ github.actor }} is testing out Gitea Actions 🚀
on: [push]
jobs:
  Explore-Gitea-Actions:
    runs-on: ubuntu-latest
    steps:
      - run: echo "GITHUB_API_URL ${{ GITHUB_API_URL }} GITHUB_SERVER_URL ${{ GITHUB_SERVER_URL }} github.api_url ${{ github.api_url }} github.server_url ${{ github.server_url}}""

(note the double " at the end of the last line)

I expected it to be rejected because it was invalid. I'm not very familiar with the yaml grammar in that depth, but from a UX point of view I'd argue this is invalid and should be noted.

It's still executed though:

PS: a caveat is, that yamllint.com thinks this is valid yaml as well.

Gitea Version

1.19.0+0-rc0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

docker on mac

Database

SQLite

Originally created by @ChristianSch on GitHub (Mar 3, 2023). ### Description Related to https://github.com/go-gitea/gitea/issues/23275 Given the following workflow file: ``` name: Gitea Actions Demo run-name: ${{ github.actor }} is testing out Gitea Actions 🚀 on: [push] jobs: Explore-Gitea-Actions: runs-on: ubuntu-latest steps: - run: echo "GITHUB_API_URL ${{ GITHUB_API_URL }} GITHUB_SERVER_URL ${{ GITHUB_SERVER_URL }} github.api_url ${{ github.api_url }} github.server_url ${{ github.server_url}}"" ``` (note the double `"` at the end of the last line) I expected it to be rejected because it was invalid. I'm not very familiar with the yaml grammar in that depth, but from a UX point of view I'd argue this is invalid and should be noted. It's still executed though: ![image](https://user-images.githubusercontent.com/6138133/222840034-9662b934-1c39-4c61-874e-fe71ffa64212.png) PS: a caveat is, that yamllint.com thinks this is valid yaml as well. ### Gitea Version 1.19.0+0-rc0 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? docker on mac ### Database SQLite

GiteaMirror added the topic/gitea-actions type/bug labels 2025-11-02 09:05:45 -06:00

GiteaMirror commented

2025-11-02 09:05:46 -06:00

@wxiaoguang commented on GitHub (Mar 4, 2023):

If I understand correctly:

The YAML is valid, get the run with echo "..."" , it matches the expectation
The command echo "..."" is invalid (invalid shell command), so the runner should report a error (well, how could such command succeed?)

@wxiaoguang commented on GitHub (Mar 4, 2023): If I understand correctly: * The YAML is valid, get the `run` with `echo "...""` , it matches the expectation * The command `echo "...""` is invalid (invalid shell command), so the runner should report a error (well, how could such command succeed?)

GiteaMirror commented

2025-11-02 09:05:46 -06:00

@ChristianSch commented on GitHub (Mar 4, 2023):

I would argue that the YAML is invalid, not the shell command. If you have : in your echo string (echo "foo: bar"), yaml complains and can't read the file. That's why I don't understand that it happily parses this workflow. I wanted to dig into the reference yaml grammar, but it seems there are a few problems with that and it seems pretty unmaintained at this point.

@ChristianSch commented on GitHub (Mar 4, 2023): I would argue that the YAML is invalid, not the shell command. If you have `:` in your echo string (`echo "foo: bar"`), yaml complains and can't read the file. That's why I don't understand that it happily parses this workflow. I wanted to dig into the reference yaml grammar, but it seems there are a few problems with that and it seems pretty unmaintained at this point.

GiteaMirror commented

2025-11-02 09:05:46 -06:00

@wxiaoguang commented on GitHub (Mar 4, 2023):

I would argue that the YAML is invalid

Since it can be parsed by many YAML parsers (I have tried other online YAML parsers), and it passes yamllint.com , I would prefer to believe that the YAML is valid.

@wxiaoguang commented on GitHub (Mar 4, 2023): > I would argue that the YAML is invalid Since it can be parsed by many YAML parsers (I have tried other online YAML parsers), and it passes yamllint.com , I would prefer to believe that the YAML is valid.

GiteaMirror commented

2025-11-02 09:05:47 -06:00

@ChristianSch commented on GitHub (Mar 4, 2023):

Okay! Very pragmatic thinking, I like it. Then you could argue that my shell command is simply invalid.

@ChristianSch commented on GitHub (Mar 4, 2023): Okay! Very pragmatic thinking, I like it. Then you could argue that my shell command is simply invalid.

GiteaMirror commented

2025-11-02 09:05:47 -06:00

@wxiaoguang commented on GitHub (Mar 4, 2023):

If I understand correctly, the YAML standard is like this:

a: b: c: invalid
a: 'b: c': valid, its value is b: c
a: "b: c": valid, its value is b: c
a: it's good: valid
a: anything": valid, its value is anything"
a: anything"": valid, its value is anything""

my shell command is simply invalid.

Yup, I think so.

@wxiaoguang commented on GitHub (Mar 4, 2023): If I understand correctly, the YAML standard is like this: * `a: b: c`: invalid * `a: 'b: c'`: valid, its value is `b: c` * `a: "b: c"`: valid, its value is `b: c` * `a: it's good`: valid * `a: anything"`: valid, its value is `anything"` * `a: anything""`: valid, its value is `anything""` ---- > my shell command is simply invalid. Yup, I think so.

GiteaMirror commented

2025-11-02 09:05:47 -06:00

@wxiaoguang commented on GitHub (Mar 4, 2023):

If you have : in your echo string (echo "foo: bar"), yaml complains and can't read the file.

You need to quote the value to make it a valid YAML input, like this:

key1: 'my value with : char'
key2: 'my value with : " char'
key3: "my value with : \" char"

@wxiaoguang commented on GitHub (Mar 4, 2023): > If you have `:` in your echo string (`echo "foo: bar"`), yaml complains and can't read the file. You need to quote the value to make it a valid YAML input, like this: ```yaml key1: 'my value with : char' key2: 'my value with : " char' key3: "my value with : \" char" ```

GiteaMirror commented

2025-11-02 09:05:47 -06:00

@ChristianSch commented on GitHub (Mar 4, 2023):

I came to the same understanding. I propose to change this issue to the lacking error reporting. There is an error in the runner logs. Would be handy to have that in the UI somewhere!

| /var/run/act/workflow/0: line 2: unexpected EOF while looking for matching `"'
[Gitea Actions Demo/Explore-Gitea-Actions]   ❌  Failure - Main echo "github.api_url ""

@ChristianSch commented on GitHub (Mar 4, 2023): I came to the same understanding. I propose to change this issue to the lacking error reporting. There is an error in the runner logs. Would be handy to have that in the UI somewhere! ``` | /var/run/act/workflow/0: line 2: unexpected EOF while looking for matching `"' [Gitea Actions Demo/Explore-Gitea-Actions] ❌ Failure - Main echo "github.api_url "" ```

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#10380