DEV Community

Mark Tse

Run arbitrary commands via a comment and commit the changes

DISCLAIMER: the Run terminal command GitHub Action allows for arbitrary code execution by any user allowed to comment on your issues or pull requests. You should probably never use this except to explore what GitHub Actions could do.

To avoid security issues, replace the use of the Run terminal command GitHub Action with something that validates input or with something that always runs the same command.

My Workflow

This workflow allows you to run any command and commit the changes back into a pull request. For example, you can run /terminal npm version patch --no-git-tag-version to bump the patch version of your Node package.

This workflow:

  • Only runs on new pull request comments and only if the comment starts with /terminal
  • Acknowledges comments that start with /terminal by reacting with a +1
  • Determines what pull request the comment came from and gets the corresponding branch name
  • Checks out the code at that branch
  • Runs the command, commits the changes, and pushes it back to the branch

Submission Category:

Maintainer Must-Haves

Yaml File or Link to Code

```yaml
# Trigger on every new issue/PR comment; the job-level `if` narrows it down.
on:
  issue_comment:
    types: [created]

jobs:
  run-and-update:
    # Only PR comments (html_url contains /pull/) whose body starts with "/terminal ".
    if: contains(github.event.comment.html_url, '/pull/') && startsWith(github.event.comment.body, '/terminal ')
    runs-on: ubuntu-latest
    steps:
      # React with +1 so the commenter knows the command was picked up.
      - name: Acknowledge command
        uses: actions/github-script@v3
        with:
          script: |
            github.reactions.createForIssueComment({
              comment_id: context.payload.comment.id,
              owner: context.repo.owner,
              repo: context.repo.repo,
              content: '+1',
            });

      # Look up the PR the comment belongs to and return its head branch name.
      - id: get-ref
        name: Get branch name
        uses: actions/github-script@v3
        with:
          result-encoding: string
          script: |
            const response = await github.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.payload.issue.number
            });
            return response.data.head.ref;

      # Check out that branch so the command runs against the PR's code.
      - uses: actions/checkout@v2
        with:
          ref: ${{ steps.get-ref.outputs.result }}

      - uses: actions/setup-node@v1
        with:
          node-version: '12'

      # Runs whatever followed "/terminal " in the comment (see the disclaimer above).
      - id: terminal
        uses: neverendingqs/gh-action-terminal@main

      # Commit any resulting changes and push them back to the PR branch.
      - run: |
          git config user.name github-actions[bot]
          git config user.email 41898282+github-actions[bot]@users.noreply.github.com
          git commit -am "chore: update after '${COMMAND}'."
          git push
        env:
          COMMAND: ${{ steps.terminal.outputs.command }}
```
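As an added example (not part of the original post or of the gh-action-terminal project), here is the kind of input validation the disclaimer recommends, written as it would sit inside an actions/github-script step: the comment is mapped to a fixed command from an allow-list instead of being handed to a shell, and only trusted commenters are accepted. The `/bump` command name, `resolveCommand`, the allow-list table and the trusted roles are assumptions chosen for illustration.

```javascript
// Added example: allow-list replacement for the "/terminal <anything>" step.
// Only a fixed argv from ALLOWED_COMMANDS ever runs; the comment text itself
// never reaches a shell. Command names and roles below are assumptions.

// GitHub's author_association values we choose to trust (assumption).
const TRUSTED_ASSOCIATIONS = new Set(['OWNER', 'MEMBER', 'COLLABORATOR']);

// Each allowed sub-command maps to the exact argv that will be executed.
const ALLOWED_COMMANDS = {
  'bump patch': ['npm', 'version', 'patch', '--no-git-tag-version'],
  'bump minor': ['npm', 'version', 'minor', '--no-git-tag-version'],
  'bump major': ['npm', 'version', 'major', '--no-git-tag-version'],
};

/**
 * Decide whether a comment may trigger a command and which one.
 * @param {{body: string, author_association: string}} comment  issue_comment payload fields
 * @param {boolean} isPullRequest  true when context.payload.issue.pull_request is set
 * @returns {{ok: true, argv: string[]} | {ok: false, reason: string}}
 */
function resolveCommand(comment, isPullRequest) {
  if (!isPullRequest) return { ok: false, reason: 'not a pull request comment' };
  if (!TRUSTED_ASSOCIATIONS.has(comment.author_association)) {
    return { ok: false, reason: `untrusted author association: ${comment.author_association}` };
  }
  const body = (comment.body || '').trim();
  if (!body.startsWith('/bump ')) return { ok: false, reason: 'not a /bump command' };
  // Collapse whitespace and require an exact table key: "bump patch; extra" is rejected.
  const key = body.slice(1).split(/\s+/).join(' ');
  const argv = ALLOWED_COMMANDS[key];
  if (!argv) return { ok: false, reason: `unknown command: ${key}` };
  return { ok: true, argv: [...argv] }; // copy so callers cannot mutate the table
}

// Constructed sample comments, as they would appear in context.payload.comment.
const sampleOk = { body: '/bump  patch', author_association: 'MEMBER' };
const sampleBad = { body: '/bump patch; extra', author_association: 'MEMBER' };
console.log(resolveCommand(sampleOk, true));   // ok: true, argv for "npm version patch ..."
console.log(resolveCommand(sampleBad, true));  // ok: false, unknown command
```

In the workflow the step would then run the returned argv with a fixed `run:` line per table entry (or `exec.exec(argv[0], argv.slice(1))`) rather than interpolating any comment text.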

Additional Resources / Info
