build: validate PR metadata before use in coverage publish workflow#12343
Merged
Conversation
Validate the PR number as a positive integer and consume the report
body and PR number as data rather than interpolating artifact-derived
values into the `github-script` and shell steps. Also quote the
coverage artifact processing loop.
---
type: pre_commit_static_analysis_report
description: Results of running static analysis checks when committing changes.
report:
- task: lint_filenames
status: passed
- task: lint_editorconfig
status: passed
- task: lint_markdown
status: na
- task: lint_package_json
status: na
- task: lint_repl_help
status: na
- task: lint_javascript_src
status: na
- task: lint_javascript_cli
status: na
- task: lint_javascript_examples
status: na
- task: lint_javascript_tests
status: na
- task: lint_javascript_benchmarks
status: na
- task: lint_python
status: na
- task: lint_r
status: na
- task: lint_c_src
status: na
- task: lint_c_examples
status: na
- task: lint_c_benchmarks
status: na
- task: lint_c_tests_fixtures
status: na
- task: lint_shell
status: na
- task: lint_typescript_declarations
status: passed
- task: lint_typescript_tests
status: na
- task: lint_license_headers
status: passed
---
Planeshifter
force-pushed
the
philipp/harden-publish-coverage-pr
branch
from
8eff7b1 to
0b92157
Compare
Planeshifter
changed the title
kgryte
reviewed
May 29, 2026
| echo $coverage >> $(dirname $file)/coverage.ndjson | ||
| done | ||
| while IFS= read -r -d '' file; do | ||
| file="${file//artifacts/www-test-code-coverage}" |
Member
There was a problem hiding this comment.
Is the double slash after file intentional?
kgryte
approved these changes
May 29, 2026
kgryte
added
CI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This pull request:
pr-metadataartifact as a positive integer before use.github-scriptand shell steps.Related Issues
No.
Questions
No.
Other
No.
Checklist
AI Assistance
If you answered "yes" above, how did you use AI assistance?
Disclosure
This PR was authored with Claude Code.
@stdlib-js/reviewers