From 17e6156b715719b0a36ef4249b9c7e53019bc90a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 4 Mar 2026 14:24:32 +0000 Subject: [PATCH 1/3] Initial plan From 19d0694866c535855e7fada577d475067496d849 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 4 Mar 2026 14:33:12 +0000 Subject: [PATCH 2/3] fix: install correct version in action (#19591) Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup-cli/install.sh | 13 ++++++++++--- actions/setup-cli/install_test.sh | 22 ++++++++++++---------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/actions/setup-cli/install.sh b/actions/setup-cli/install.sh index e1ac3479a12..f02a0dc0e16 100755 --- a/actions/setup-cli/install.sh +++ b/actions/setup-cli/install.sh @@ -239,8 +239,15 @@ fi if [ "$TRY_GH_INSTALL" = true ] && command -v gh &> /dev/null; then print_info "Attempting to install gh-aw using 'gh extension install'..." - # Try to install using gh - if gh extension install "$REPO" --force 2>&1 | tee /tmp/gh-install.log; then + # Call gh extension install directly to avoid command injection + install_result=0 + if [ -n "$VERSION" ] && [ "$VERSION" != "latest" ]; then + gh extension install "$REPO" --force --pin "$VERSION" 2>&1 | tee /tmp/gh-install.log || install_result=$? + else + gh extension install "$REPO" --force 2>&1 | tee /tmp/gh-install.log || install_result=$? + fi + + if [ $install_result -eq 0 ]; then # Verify the installation succeeded if gh aw version &> /dev/null; then INSTALLED_VERSION=$(gh aw version 2>&1 | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -1) @@ -249,7 +256,7 @@ if [ "$TRY_GH_INSTALL" = true ] && command -v gh &> /dev/null; then # Set output for GitHub Actions if [ -n "${GITHUB_OUTPUT}" ]; then - echo "installed_version=${VERSION}" >> "${GITHUB_OUTPUT}" + echo "installed_version=${INSTALLED_VERSION}" >> "${GITHUB_OUTPUT}" fi exit 0 diff --git a/actions/setup-cli/install_test.sh b/actions/setup-cli/install_test.sh index 3601d322843..d9773bee4a0 100755 --- a/actions/setup-cli/install_test.sh +++ b/actions/setup-cli/install_test.sh @@ -59,7 +59,7 @@ test_executable() { # Test 3: Verify INPUT_VERSION support test_input_version() { echo "" - echo "Test 4: Verify INPUT_VERSION environment variable support" + echo "Test 3: Verify INPUT_VERSION environment variable support" # Check if script references INPUT_VERSION if grep -q "INPUT_VERSION" "$SCRIPT_PATH"; then @@ -69,10 +69,10 @@ test_input_version() { fi } -# Test 5: Verify gh extension install attempt +# Test 4: Verify gh extension install attempt test_gh_install() { echo "" - echo "Test 5: Verify gh extension install logic" + echo "Test 4: Verify gh extension install logic" # Check if script has gh extension install logic if grep -q "gh extension install" "$SCRIPT_PATH"; then @@ -82,15 +82,17 @@ test_gh_install() { fi } -# Test 5: Verify release validation -test_release_validation() { +# Test 5: Verify version pinning support +test_version_pinning() { echo "" - echo "Test 5: Verify release validation" + echo "Test 5: Verify version pinning for gh extension install" - if grep -q "Validating release.*exists" "$SCRIPT_PATH"; then - print_result "Script includes release validation" "PASS" + # Check if script uses --pin flag with $VERSION variable AND checks VERSION != "latest" + if grep -q -- '--pin.*\$VERSION' "$SCRIPT_PATH" && \ + grep -q '"\$VERSION" != "latest"' "$SCRIPT_PATH"; then + print_result "Script supports version pinning with correct variable usage" "PASS" else - print_result "Script missing release validation" "FAIL" + print_result "Script missing proper version pinning support (must use --pin with \$VERSION and check VERSION != latest)" "FAIL" fi } @@ -116,7 +118,7 @@ test_script_syntax test_executable test_input_version test_gh_install -test_release_validation +test_version_pinning test_checksum_validation # Summary From 0926e5abe34bef6ef63505e668afea40a6462563 Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Wed, 4 Mar 2026 15:20:24 +0000 Subject: [PATCH 3/3] Update install.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- actions/setup-cli/install.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/actions/setup-cli/install.sh b/actions/setup-cli/install.sh index f02a0dc0e16..58d73c6805d 100755 --- a/actions/setup-cli/install.sh +++ b/actions/setup-cli/install.sh @@ -242,9 +242,11 @@ if [ "$TRY_GH_INSTALL" = true ] && command -v gh &> /dev/null; then # Call gh extension install directly to avoid command injection install_result=0 if [ -n "$VERSION" ] && [ "$VERSION" != "latest" ]; then - gh extension install "$REPO" --force --pin "$VERSION" 2>&1 | tee /tmp/gh-install.log || install_result=$? + gh extension install "$REPO" --force --pin "$VERSION" 2>&1 | tee /tmp/gh-install.log + install_result=${PIPESTATUS[0]} else - gh extension install "$REPO" --force 2>&1 | tee /tmp/gh-install.log || install_result=$? + gh extension install "$REPO" --force 2>&1 | tee /tmp/gh-install.log + install_result=${PIPESTATUS[0]} fi if [ $install_result -eq 0 ]; then