workflow_dispatch does not validate input type number, accepts strings #14159

New Issue

Open

opened 2025-11-02 11:04:49 -06:00 by GiteaMirror · 2 comments

GiteaMirror commented 2025-11-02 11:04:49 -06:00

Owner

Copy Link

Originally created by @PDCuong on GitHub (Feb 20, 2025).

Description

In Gitea v1.23, when using workflow_dispatch in actions, the number input type is not properly validated. It accepts string values instead of enforcing numeric input.

Gitea Version

v1.23

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

Define a workflow with an input of type number:

on:
  push:
  workflow_dispatch:
    inputs:
      number_required_1:
        description: 'number-1 '
        type: number
        required: true
        default: '100'
      number_required_2:
        description: 'number-2'
        type: number
        required: true
        default: '100'
      number_required_3:
        description: 'number-3'
        type: number
        required: true
        default: '100'
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Demo non-main branch"
      - run: env | grep inputs

Trigger the workflow manually and enter a string value (e.g., "abc").
The workflow proceeds without validation, even though build_number is expected to be a number.

-> Action logs:

inputs_number_required_3=100
inputs_number_required_2=abc
inputs_number_required_1=100

Trigger the workflow manually and enter a string value (e.g., "abc").
The workflow proceeds without validation, even though build_number is expected to be a number.

Operating System

ubuntu 22.04 LTS

How are you running Gitea?

in docker

Database

None

Originally created by @PDCuong on GitHub (Feb 20, 2025). ### Description In Gitea v1.23, when using workflow_dispatch in actions, the number input type is not properly validated. It accepts string values instead of enforcing numeric input. ### Gitea Version v1.23 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist Define a workflow with an input of type number: ``` yaml on: push: workflow_dispatch: inputs: number_required_1: description: 'number-1 ' type: number required: true default: '100' number_required_2: description: 'number-2' type: number required: true default: '100' number_required_3: description: 'number-3' type: number required: true default: '100' jobs: build: runs-on: ubuntu-latest steps: - run: echo "Demo non-main branch" - run: env | grep inputs ``` Trigger the workflow manually and enter a string value (e.g., "abc"). The workflow proceeds without validation, even though build_number is expected to be a number. -> Action logs: ``` inputs_number_required_3=100 inputs_number_required_2=abc inputs_number_required_1=100 ``` Trigger the workflow manually and enter a string value (e.g., "abc"). The workflow proceeds without validation, even though build_number is expected to be a number. ### Operating System ubuntu 22.04 LTS ### How are you running Gitea? in docker ### Database None

GiteaMirror added the topic/gitea-actionstype/bug labels 2025-11-02 11:04:49 -06:00

GiteaMirror commented 2025-11-02 11:04:50 -06:00

Author

Owner

Copy Link

@ChristopherHX commented on GitHub (Feb 22, 2025):

The last time I looked into the "number" type in dispatch, the result was the exact same between GitHub Actions and Gitea Actions e.g. number behaves exactly like string and becomes type string for the inputs context.

(workflow_call has a number type that is validated and has the correct type in the inputs context)

@ChristopherHX commented on GitHub (Feb 22, 2025): The last time I looked into the "number" type in dispatch, the result was the exact same between GitHub Actions and Gitea Actions e.g. number behaves exactly like string and becomes type string for the `inputs` context. (workflow_call has a number type that is validated and has the correct type in the `inputs` context)

GiteaMirror commented 2025-11-02 11:04:51 -06:00

Author

Owner

Copy Link

@PDCuong commented on GitHub (Feb 26, 2025):

number behaves exactly like string and becomes type string for the inputs context.

However, in the UI, number fields are not validated and can accept string input. This applies to Gitea's workflow_dispatch input.
The expectation is for the UI to validate the input as a string and prevent the workflow from running if it is invalid. Running jobs with invalid input is pretty meaningless.

@PDCuong commented on GitHub (Feb 26, 2025): > number behaves exactly like string and becomes type string for the inputs context. However, in the UI, number fields are not validated and can accept string input. This applies to Gitea's workflow_dispatch input. The expectation is for the UI to validate the input as a string and prevent the workflow from running if it is invalid. Running jobs with invalid input is pretty meaningless.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label topic/gitea-actions type/bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#14159