Add new allowed #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

pelikhan merged 1 commit into main from f5

Aug 14, 2025

docs/workflow-structure.md

-Original file line number
+Diff line change
@@ Expand Up @@
     - `${{ github.event.review_comment.id }}` - The ID of the review comment that triggered the workflow
     - `${{ github.event.sender.id }}` - The ID of the user who triggered the workflow
     - `${{ github.event.workflow_run.id }}` - The ID of the workflow run that triggered the current workflow
+    - `${{ github.event.workflow_run.conclusion }}` - The conclusion of the workflow run that triggered the current workflow
+    - `${{ github.event.workflow_run.html_url }}` - The URL of the workflow run that triggered the current workflow
+    - `${{ github.event.workflow_run.head_sha }}` - The head SHA of the workflow run that triggered the current workflow
     - `${{ github.actor }}` - The username of the user who triggered the workflow
     - `${{ github.job }}` - Job ID of the current workflow run
     - `${{ github.owner }}` - The owner of the repository (user or organization name)
@@ Expand Down Expand Up / @@ -179,6 +182,7 @@ Triggered by: ${{ github.actor }} @@
     Issue number: ${{ github.event.issue.number }}
     Previous output: ${{ needs.task.outputs.text }}
     User input: ${{ github.event.inputs.environment }}
+    Workflow run conclusion: ${{ github.event.workflow_run.conclusion }}
     # Invalid expressions (will cause compilation error)
     Token: ${{ secrets.GITHUB_TOKEN }}
@@ Expand Down @@

pkg/cli/templates/instructions.md

-Original file line number
+Diff line change
@@ Expand Up @@
     - **`${{ github.event.review_comment.id }}`** - ID of the review comment
     - **`${{ github.event.sender.id }}`** - ID of the user who triggered the event
     - **`${{ github.event.workflow_run.id }}`** - ID of the workflow run
+    - **`${{ github.event.workflow_run.conclusion }}`** - Conclusion of the workflow run
+    - **`${{ github.event.workflow_run.html_url }}`** - URL of the workflow run
+    - **`${{ github.event.workflow_run.head_sha }}`** - Head SHA of the workflow run
     - **`${{ github.actor }}`** - Username of the person who initiated the workflow
     - **`${{ github.job }}`** - Job ID of the current workflow run
     - **`${{ github.owner }}`** - Owner of the repository
@@ Expand Down Expand Up @@
     Deploy to environment: "${{ github.event.inputs.environment }}"
+    Previous workflow conclusion: "${{ github.event.workflow_run.conclusion }}"
     # Invalid expressions (will cause compilation errors)
     # Token: ${{ secrets.GITHUB_TOKEN }}
     # Environment: ${{ env.MY_VAR }}
@@ Expand Down @@

pkg/constants/constants.go

-Original file line number
+Diff line change
@@ Expand Up / @@ -32,6 +32,9 @@ var AllowedExpressions = []string{ @@
     	"github.event.review_comment.id",
     	"github.event.sender.id",
     	"github.event.workflow_run.id",
+    	"github.event.workflow_run.conclusion",
+    	"github.event.workflow_run.html_url",
+    	"github.event.workflow_run.head_sha",
     	"github.actor",
     	"github.job",
     	"github.owner",
@@ Expand Down @@

pkg/workflow/expression_safety_test.go

-Original file line number
+Diff line change
@@ Expand Up / @@ -57,6 +57,21 @@ func TestValidateExpressionSafety(t *testing.T) { @@
     			content:     "Deploy input: ${{ github.event.inputs.deploy-environment }}",
     			expectError: false,
     		},
+    		{
+    			name:        "allowed_github_event_workflow_run_conclusion",
+    			content:     "Workflow conclusion: ${{ github.event.workflow_run.conclusion }}",
+    			expectError: false,
+    		},
+    		{
+    			name:        "allowed_github_event_workflow_run_html_url",
+    			content:     "Run URL: ${{ github.event.workflow_run.html_url }}",
+    			expectError: false,
+    		},
+    		{
+    			name:        "allowed_github_event_workflow_run_head_sha",
+    			content:     "Head SHA: ${{ github.event.workflow_run.head_sha }}",
+    			expectError: false,
+    		},
     		{
     			name:        "multiple_allowed_expressions",
     			content:     "Workflow: ${{ github.workflow }}, Repository: ${{ github.repository }}, Output: ${{ needs.task.outputs.text }}",
@@ Expand Down @@

Provide feedback