Skip to content

Commit ba30919

Browse files
Skip auto-label flow when TRIGGER_STRING is unset
When TRIGGER_STRING is not configured, String.prototype.includes() coerces undefined to the literal string "undefined". A PR body or comment containing the word "undefined" could therefore falsely match and trigger the auto-label flow. Add an early-return guard at the top of the pull_request.opened and issue_comment.created handlers — matching the existing AUTHORIZED_TEAM check in isAuthorized — so an unset or empty TRIGGER_STRING disables the trigger feature entirely instead of matching a coerced string.
1 parent 285a65f commit ba30919

1 file changed

Lines changed: 11 additions & 3 deletions

File tree

app.js

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -210,8 +210,12 @@ module.exports = (app) => {
210210
});
211211

212212
app.on("pull_request.opened", async (context) => {
213+
if (process.env.TRIGGER_STRING == undefined || process.env.TRIGGER_STRING == "") {
214+
console.log("No trigger string specified. Skipping auto-label check.");
215+
return;
216+
}
213217
let authorized = await isAuthorized(context.payload.sender.login, context.payload.organization.login, context.octokit)
214-
if (context.payload.pull_request.body.toLocaleLowerCase().includes(process.env.TRIGGER_STRING)
218+
if (context.payload.pull_request.body.toLocaleLowerCase().includes(process.env.TRIGGER_STRING)
215219
&& authorized) {
216220

217221
// Found the trigger string, so add the emergency label to trigger the other stuff...
@@ -243,9 +247,13 @@ module.exports = (app) => {
243247
});
244248

245249
app.on("issue_comment.created", async (context) => {
250+
if (process.env.TRIGGER_STRING == undefined || process.env.TRIGGER_STRING == "") {
251+
console.log("No trigger string specified. Skipping auto-label check.");
252+
return;
253+
}
246254
let authorized = await isAuthorized(context.payload.sender.login, context.payload.organization.login, context.octokit)
247-
if (context.payload.issue.pull_request
248-
&& context.payload.comment.body.toLocaleLowerCase().includes(process.env.TRIGGER_STRING)
255+
if (context.payload.issue.pull_request
256+
&& context.payload.comment.body.toLocaleLowerCase().includes(process.env.TRIGGER_STRING)
249257
&& authorized) {
250258

251259
// This is a comment on a PR and we found the trigger string, so add the emergency label to trigger the other stuff...

0 commit comments

Comments
 (0)