25 changes: 8 additions & 17 deletions .github/workflows/pr-review-manager.yml
@@ -27,28 +27,19 @@ jobs:
- name: Extract JIRA issue key from branch name
id: extract-jira-key
run: |
JIRA_KEY=$(echo ${{ github.head_ref }} | grep -oE 'MOD-[0-9]+' || echo "")
JIRA_KEY=$(echo ${{ github.head_ref }} | grep -oE 'MD-[0-9]+' || echo "")
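Review bot: `grep -oE 'MD-[0-9]+'` prints every match on its own line, so a branch name carrying two keys (for example `MD-12-followup-MD-7`) leaves `JIRA_KEY` multi-line and the `echo "jira_key=$JIRA_KEY" >> "$GITHUB_OUTPUT"` on the next line writes a malformed output entry; append `| head -n1` to the pipeline so exactly one key is captured. Keep the trailing `|| echo ""`: GitHub runs `run:` steps with `bash -eo pipefail`, so a non-matching `grep` would otherwise fail the step for branches without a key.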
⚠️ Potential issue | 🟠 Major

Inserting github.head_ref directly into the shell creates an injection risk.

`${{ github.head_ref }}` is a user-controlled value (the branch name); inserting it into a shell command unquoted allows shell injection via special characters. Passing the value through an environment variable is safer.

🔒 Suggested fix
       - name: Extract JIRA issue key from branch name
         id: extract-jira-key
         run: |
-          JIRA_KEY=$(echo ${{ github.head_ref }} | grep -oE 'MD-[0-9]+' || echo "")
+          JIRA_KEY=$(echo "$HEAD_REF" | grep -oE 'MD-[0-9]+' || echo "")
           echo "jira_key=$JIRA_KEY" >> "$GITHUB_OUTPUT"
+        env:
+          HEAD_REF: ${{ github.head_ref }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-review-manager.yml at line 30, The current workflow
inserts `${{ github.head_ref }}` directly into a shell pipeline which risks
shell injection; change to pass the branch name via an environment variable and
use a quoted expansion when running grep. Specifically, set an env var (e.g.,
BRANCH_NAME) from `${{ github.head_ref }}` and then compute JIRA_KEY using the
JIRA_KEY assignment (the line that currently uses `JIRA_KEY=$(echo ${{
github.head_ref }} | grep -oE 'MD-[0-9]+' || echo "")`) but replace the direct
insertion with a quoted reference like `"$BRANCH_NAME"` so the grep/echo operate
on a safe, controlled variable.

echo "jira_key=$JIRA_KEY" >> "$GITHUB_OUTPUT"

# PR 본문을 JSON 형식으로 파싱하기 위한 jq 설치
- name: Install jq
if: steps.extract-jira-key.outputs.jira_key != '' # JIRA 이슈 키가 없는 경우에는 실행하지 않음
run: sudo apt-get update && sudo apt-get install -y jq

🛠️ Refactor suggestion | 🟠 Major

The jq installation step is no longer needed.

jq was previously installed to parse JSON for the REST API PATCH call, but that logic has been replaced by the thollander/actions-comment-pull-request@v3 action, so jq is no longer used. Removing this step shortens the workflow run time.

♻️ Suggested fix
-      # PR 본문을 JSON 형식으로 파싱하기 위한 jq 설치
-      - name: Install jq
-        if: steps.extract-jira-key.outputs.jira_key != '' # JIRA 이슈 키가 없는 경우에는 실행하지 않음
-        run: sudo apt-get update && sudo apt-get install -y jq
-
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-review-manager.yml around lines 34 - 36, Remove the
GitHub Actions step named "Install jq" (the step block that runs "sudo apt-get
update && sudo apt-get install -y jq" and uses the condition "if:
steps.extract-jira-key.outputs.jira_key != ''") since jq is no longer used;
delete that entire step from the workflow so the job no longer installs jq and
the workflow runtime is reduced.


# https://docs.github.com/en/rest/pulls/pulls?apiVersion=2022-11-28#update-a-pull-request
- name: Add JIRA issue link to PR body
- name: Add JIRA issue link to Comment
if: steps.extract-jira-key.outputs.jira_key != '' # JIRA 이슈 키가 없는 경우에는 실행하지 않음
run: |
PR_BODY=$(cat <<EOF
${{ github.event.pull_request.body }}
EOF)
JIRA_KEY=${{ steps.extract-jira-key.outputs.jira_key }}
JIRA_LINK=$(printf "## 📝 관련 이슈\n\n[%s](%s/browse/%s)" "$JIRA_KEY" "${{ vars.JIRA_BASE_URL }}" "$JIRA_KEY")
UPDATED_BODY=$(printf "%s\n\n%s" "$JIRA_LINK" "$PR_BODY")
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }} \
-d "$(jq -n --arg body "$UPDATED_BODY" '{body: $body}')"
uses: thollander/actions-comment-pull-request@v3
with:
message: |
## 📝 관련 이슈

[${{ steps.extract-jira-key.outputs.jira_key }}](${{ vars.JIRA_BASE_URL }}/browse/${{ steps.extract-jira-key.outputs.jira_key }})
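Review bot: the unchanged context comment `# https://docs.github.com/en/rest/pulls/pulls?apiVersion=2022-11-28#update-a-pull-request` now describes a PATCH call the step no longer makes; update it to point at the comment action or drop it. Pin `thollander/actions-comment-pull-request@v3` to a full commit SHA (with the tag in a trailing comment) rather than the mutable `v3` tag, since the action runs with the job's `GITHUB_TOKEN` and whatever the tag points at tomorrow is what executes. The action also needs `pull-requests: write` on that token; the job's `permissions` block is outside this hunk, so confirm it grants that. Worth noting in the PR description that dropping the `PR_BODY=$(cat <<EOF ... ${{ github.event.pull_request.body }} ... EOF)` heredoc removes a second user-controlled value interpolated into the shell script; the remaining expression interpolations (`steps.extract-jira-key.outputs.jira_key`, `vars.JIRA_BASE_URL`) land in `with:` inputs rather than a shell, and `jira_key` is already constrained to `MD-[0-9]+` by the extraction step.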