diff --git a/docs/workflow-structure.md b/docs/workflow-structure.md index 1c7fbab67f..0a892ea44e 100644 --- a/docs/workflow-structure.md +++ b/docs/workflow-structure.md @@ -132,6 +132,9 @@ The following GitHub Actions context expressions are permitted in workflow markd - `${{ github.event.review_comment.id }}` - The ID of the review comment that triggered the workflow - `${{ github.event.sender.id }}` - The ID of the user who triggered the workflow - `${{ github.event.workflow_run.id }}` - The ID of the workflow run that triggered the current workflow +- `${{ github.event.workflow_run.conclusion }}` - The conclusion of the workflow run that triggered the current workflow +- `${{ github.event.workflow_run.html_url }}` - The URL of the workflow run that triggered the current workflow +- `${{ github.event.workflow_run.head_sha }}` - The head SHA of the workflow run that triggered the current workflow - `${{ github.actor }}` - The username of the user who triggered the workflow - `${{ github.job }}` - Job ID of the current workflow run - `${{ github.owner }}` - The owner of the repository (user or organization name) @@ -179,6 +182,7 @@ Triggered by: ${{ github.actor }} Issue number: ${{ github.event.issue.number }} Previous output: ${{ needs.task.outputs.text }} User input: ${{ github.event.inputs.environment }} +Workflow run conclusion: ${{ github.event.workflow_run.conclusion }} # Invalid expressions (will cause compilation error) Token: ${{ secrets.GITHUB_TOKEN }} diff --git a/pkg/cli/templates/instructions.md b/pkg/cli/templates/instructions.md index ab26dbb03e..c17eb60852 100644 --- a/pkg/cli/templates/instructions.md +++ b/pkg/cli/templates/instructions.md @@ -190,6 +190,9 @@ Use GitHub Actions context expressions throughout the workflow content. **Note: - **`${{ github.event.review_comment.id }}`** - ID of the review comment - **`${{ github.event.sender.id }}`** - ID of the user who triggered the event - **`${{ github.event.workflow_run.id }}`** - ID of the workflow run +- **`${{ github.event.workflow_run.conclusion }}`** - Conclusion of the workflow run +- **`${{ github.event.workflow_run.html_url }}`** - URL of the workflow run +- **`${{ github.event.workflow_run.head_sha }}`** - Head SHA of the workflow run - **`${{ github.actor }}`** - Username of the person who initiated the workflow - **`${{ github.job }}`** - Job ID of the current workflow run - **`${{ github.owner }}`** - Owner of the repository @@ -222,6 +225,8 @@ Using output from previous task: "${{ needs.task.outputs.text }}" Deploy to environment: "${{ github.event.inputs.environment }}" +Previous workflow conclusion: "${{ github.event.workflow_run.conclusion }}" + # Invalid expressions (will cause compilation errors) # Token: ${{ secrets.GITHUB_TOKEN }} # Environment: ${{ env.MY_VAR }} diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 82b3a816e3..0f2eaed839 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -32,6 +32,9 @@ var AllowedExpressions = []string{ "github.event.review_comment.id", "github.event.sender.id", "github.event.workflow_run.id", + "github.event.workflow_run.conclusion", + "github.event.workflow_run.html_url", + "github.event.workflow_run.head_sha", "github.actor", "github.job", "github.owner", diff --git a/pkg/workflow/expression_safety_test.go b/pkg/workflow/expression_safety_test.go index f13301ae96..bebfb8e754 100644 --- a/pkg/workflow/expression_safety_test.go +++ b/pkg/workflow/expression_safety_test.go @@ -57,6 +57,21 @@ func TestValidateExpressionSafety(t *testing.T) { content: "Deploy input: ${{ github.event.inputs.deploy-environment }}", expectError: false, }, + { + name: "allowed_github_event_workflow_run_conclusion", + content: "Workflow conclusion: ${{ github.event.workflow_run.conclusion }}", + expectError: false, + }, + { + name: "allowed_github_event_workflow_run_html_url", + content: "Run URL: ${{ github.event.workflow_run.html_url }}", + expectError: false, + }, + { + name: "allowed_github_event_workflow_run_head_sha", + content: "Head SHA: ${{ github.event.workflow_run.head_sha }}", + expectError: false, + }, { name: "multiple_allowed_expressions", content: "Workflow: ${{ github.workflow }}, Repository: ${{ github.repository }}, Output: ${{ needs.task.outputs.text }}",