github actions: Quote all script expressions that can have special chars

kerneltoast · kerneltoast · commit 1bdbc07b1b31 · 2025-12-04T19:10:26.000-08:00
Branch names and repository names can contain special characters. Quote all
such expressions used in shell scripts.
diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml
@@ -22,7 +22,7 @@ jobs:
 
       - name: Checkout base branch
         run: |
-          git fetch origin ${{ github.base_ref }}:${{ github.base_ref }}
+          git fetch origin "${{ github.base_ref }}":"${{ github.base_ref }}"
 
       - name: Checkout kernel-src-tree-tools
         uses: actions/checkout@v4
@@ -82,7 +82,7 @@ jobs:
         run: |
           if ! gh pr comment ${{ github.event.pull_request.number }} \
             --body-file ckc_result.txt \
-            --repo ${{ github.repository }}; then
+            --repo "${{ github.repository }}"; then
             echo "❌ Failed to post check-kernel-commits comment to PR"
             exit 1
           fi
@@ -146,7 +146,7 @@ jobs:
         run: |
           if ! gh pr comment ${{ github.event.pull_request.number }} \
             --body-file interdiff_result.txt \
-            --repo ${{ github.repository }}; then
+            --repo "${{ github.repository }}"; then
             echo "❌ Failed to post interdiff comment to PR"
             exit 1
           fi
@@ -176,8 +176,8 @@ jobs:
           set +e  # Don't exit on error, we want to capture the output
           OUTPUT=$(python3 jira_pr_check.py \
             --kernel-src-tree .. \
-            --merge-target ${{ github.base_ref }} \
-            --pr-branch ${{ github.head_ref }} 2>&1)
+            --merge-target "${{ github.base_ref }}" \
+            --pr-branch "${{ github.head_ref }}" 2>&1)
           EXIT_CODE=$?
 
           # Filter out any potential credential leaks from output
@@ -218,7 +218,7 @@ jobs:
         run: |
           if ! gh pr comment ${{ github.event.pull_request.number }} \
             --body "${{ steps.jira_check.outputs.output }}" \
-            --repo ${{ github.repository }}; then
+            --repo "${{ github.repository }}"; then
             echo "❌ Failed to post JIRA check comment to PR"
             exit 1
           fi
@@ -231,7 +231,7 @@ jobs:
           gh pr review ${{ github.event.pull_request.number }} \
             --request-changes \
             --body "⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch." \
-            --repo ${{ github.repository }}
+            --repo "${{ github.repository }}"
 
       - name: Fail workflow if JIRA errors found
         if: steps.jira_check.outcome == 'failure'
