fix(ci): indent heredoc content in release workflow#424
Conversation
Heredoc content in shell scripts within YAML workflow files must be indented to avoid YAML parsing errors. Content like ``` (triple backticks) at column 0 is interpreted as YAML syntax, not shell content. The workflow was silently broken since commit f1351bd, causing: - Release events to not trigger the workflow at all - Scorecard to report inability to parse the workflow file Fix by indenting heredoc content and stripping indentation with sed.
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF Scorecard
Scanned Files
|
There was a problem hiding this comment.
Pull request overview
This PR fixes YAML syntax errors in the GitHub Actions release workflow caused by heredoc content that wasn't properly indented, which resulted in markdown triple backticks (```) being interpreted as invalid YAML tokens at column 0.
Key Changes:
- Indented all heredoc content to match YAML nesting level and added sed commands to strip indentation before use
- Changed heredoc delimiters from unquoted to quoted to prevent premature variable expansion
- Modified verification instructions to write to a temporary file first, then strip indentation and append to release notes
| VERIFICATION_EOF | ||
|
|
||
| # Strip indentation and replace placeholder | ||
| sed 's/^ //' /tmp/verification.md | sed "s/RELEASE_TAG_PLACEHOLDER/${RELEASE_TAG}/g" >> /tmp/notes.md |
There was a problem hiding this comment.
The sed command uses a fixed-width indentation pattern that assumes exactly 10 spaces. If the YAML indentation level changes in the future (e.g., if this code block is moved to a different nesting level), this will silently fail to strip the correct amount of indentation. Consider using a more flexible pattern like sed 's/^[[:space:]]*//' to strip all leading whitespace, or document the exact indentation requirement.
| sed 's/^ //' /tmp/verification.md | sed "s/RELEASE_TAG_PLACEHOLDER/${RELEASE_TAG}/g" >> /tmp/notes.md | |
| sed 's/^[[:space:]]*//' /tmp/verification.md | sed "s/RELEASE_TAG_PLACEHOLDER/${RELEASE_TAG}/g" >> /tmp/notes.md |
| PR_EOF | ||
| If you encounter any issues, please open a new issue. | ||
| PR_EOF | ||
| sed -i 's/^ //' /tmp/pr_comment.md |
There was a problem hiding this comment.
The sed command uses a fixed-width indentation pattern that assumes exactly 12 spaces. If the YAML indentation level changes in the future (e.g., if this code block is moved to a different nesting level), this will silently fail to strip the correct amount of indentation. Consider using a more flexible pattern like sed 's/^[[:space:]]*//' to strip all leading whitespace, or document the exact indentation requirement.
| ISSUE_EOF | ||
| If the issue persists or you find related problems, please open a new issue. | ||
| ISSUE_EOF | ||
| sed -i 's/^ //' /tmp/issue_comment.md |
There was a problem hiding this comment.
The sed command uses a fixed-width indentation pattern that assumes exactly 14 spaces. If the YAML indentation level changes in the future (e.g., if this code block is moved to a different nesting level), this will silently fail to strip the correct amount of indentation. Consider using a more flexible pattern like sed 's/^[[:space:]]*//' to strip all leading whitespace, or document the exact indentation requirement.
| cat > /tmp/pr_comment.md << 'PR_EOF' | ||
| 🚀 **Released in [${RELEASE_TAG}](${RELEASE_URL})** | ||
|
|
||
| Thank you for your contribution! 🙏 | ||
| Thank you for your contribution! 🙏 | ||
|
|
||
| This is now available in the latest release. Please test and verify everything works as expected in your environment. | ||
| This is now available in the latest release. Please test and verify everything works as expected in your environment. | ||
|
|
||
| If you encounter any issues, please open a new issue. | ||
| PR_EOF | ||
| If you encounter any issues, please open a new issue. | ||
| PR_EOF |
There was a problem hiding this comment.
The heredoc delimiter has been changed from unquoted to quoted ('PR_EOF'), which prevents variable expansion. However, the content still uses shell variable syntax (${RELEASE_TAG}, ${RELEASE_URL}). These variables are now literal strings that need to be replaced by the subsequent sed commands on line 405. While this works, it adds unnecessary complexity. Consider either: (1) using an unquoted delimiter and letting shell expand the variables naturally, or (2) keeping the quoted delimiter but documenting why variable expansion is deferred to sed.
| cat > /tmp/issue_comment.md << 'ISSUE_EOF' | ||
| 🚀 **Released in [${RELEASE_TAG}](${RELEASE_URL})** | ||
|
|
||
| Thank you for reporting this! 🙏 | ||
| Thank you for reporting this! 🙏 | ||
|
|
||
| The fix/feature is now available in the latest release. Please update and verify everything works as expected. | ||
| The fix/feature is now available in the latest release. Please update and verify everything works as expected. | ||
|
|
||
| If the issue persists or you find related problems, please open a new issue. | ||
| ISSUE_EOF | ||
| If the issue persists or you find related problems, please open a new issue. | ||
| ISSUE_EOF |
There was a problem hiding this comment.
The heredoc delimiter has been changed from unquoted to quoted ('ISSUE_EOF'), which prevents variable expansion. However, the content still uses shell variable syntax (${RELEASE_TAG}, ${RELEASE_URL}). These variables are now literal strings that need to be replaced by the subsequent sed commands on line 433. While this works, it adds unnecessary complexity. Consider either: (1) using an unquoted delimiter and letting shell expand the variables naturally, or (2) keeping the quoted delimiter but documenting why variable expansion is deferred to sed.
| sed -i "s/RELEASE_TAG_PLACEHOLDER/${RELEASE_TAG}/g" /tmp/notes.md | ||
| # Append verification instructions (indented for YAML, then stripped) | ||
| cat > /tmp/verification.md << 'VERIFICATION_EOF' | ||
| --- |
There was a problem hiding this comment.
The heredoc content starts with "---" on line 197, which will be included in the verification output. This appears to be a YAML front matter delimiter that doesn't belong in the markdown verification instructions. This line should be removed as it serves no purpose in the release notes and could confuse users.
| --- |
- Remove stray --- from verification section - Use unquoted heredocs for PR/Issue comments (natural variable expansion) - Remove redundant sed variable substitution commands Addresses Copilot review comments from PR #424.
## Summary Addresses Copilot review comments from PR #424: - Remove stray `---` from verification section (was incorrectly included) - Use unquoted heredocs for PR/Issue comments (enables natural variable expansion) - Remove redundant `sed` variable substitution commands ## Test plan - [x] YAML validates with `yq eval` - [ ] Release workflow triggers correctly on next release
Summary
Root Cause
The release workflow file had heredoc content that was not properly indented: