{{ message }}
Fix positional arg bug in ExpressionParser.CreateTree#4279
Merged
ericsciple merged 1 commit intomainfrom Mar 5, 2026
Merged
Conversation
ericsciple
force-pushed
the
users/ericsciple/26-03-case
branch
from
7772cef to
627937f
Compare
allowCaseFunction was passed positionally into the allowUnknownKeywords parameter of ParseContext, causing the legacy parser to silently accept any named-value in expressions during schema validation.
ericsciple
force-pushed
the
users/ericsciple/26-03-case
branch
from
627937f to
2c8827e
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes a positional-argument mixup in ExpressionParser.CreateTree that caused allowCaseFunction to incorrectly toggle allowUnknownKeywords, letting invalid named-values slip through schema validation.
Changes:
- Pass
allowCaseFunctionintoParseContextvia a named argument to avoid the incorrect parameter binding. - Add regression tests for expression parsing and for action manifest parsing (legacy/new/wrapper) to ensure invalid contexts are rejected.
- Add new action manifest test data covering invalid env expression context usage.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
salmanmkc
approved these changes
Mar 5, 2026
AllanGuigou
approved these changes
Mar 5, 2026
dawidmalina
pushed a commit
to dawidmalina/github-runner
that referenced
this pull request
Mar 19, 2026
ygrishajev
added a commit
to akash-network/console
that referenced
this pull request
Mar 30, 2026
Runner v2.333.0 fixed a bug where `allowCaseFunction` was passed positionally into `allowUnknownKeywords`, accidentally making the parser accept any named-value in composite actions. This broke our use of `vars.GH_USER_TO_SLACK_USER` directly in the run-e2e-tests composite action. Pass it as an explicit input from the calling workflows instead. Ref: actions/runner#4279
github-merge-queue Bot
pushed a commit
to akash-network/console
that referenced
this pull request
Mar 30, 2026
Runner v2.333.0 fixed a bug where `allowCaseFunction` was passed positionally into `allowUnknownKeywords`, accidentally making the parser accept any named-value in composite actions. This broke our use of `vars.GH_USER_TO_SLACK_USER` directly in the run-e2e-tests composite action. Pass it as an explicit input from the calling workflows instead. Ref: actions/runner#4279
elysia-best
added a commit
to loong64/runner
that referenced
this pull request
Apr 18, 2026
commit 6792966 Author: eric sciple <ericsciple@users.noreply.github.com> Date: Fri Mar 27 16:55:20 2026 +0000 Bump version to 2.333.1 commit 8d231aa Author: Salman Chishti <salmanmkc@GitHub.com> Date: Wed Mar 18 17:26:07 2026 +0000 Update release version to 2.333.0 commit 4e8e1ff Author: Salman Chishti <salmanmkc@GitHub.com> Date: Wed Mar 18 16:51:00 2026 +0000 prep new runner release 2.333.0 (actions#4306) commit b6cca8f Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed Mar 18 16:26:33 2026 +0000 Bump @typescript-eslint/eslint-plugin from 8.54.0 to 8.57.1 in /src/Misc/expressionFunc/hashFiles (actions#4304) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> commit 18d0789 Author: Salman Chishti <salmanmkc@GitHub.com> Date: Tue Mar 17 18:58:34 2026 +0000 Node 24 enforcement + Linux ARM32 deprecation support (actions#4303) commit c985a9f Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon Mar 16 13:48:09 2026 +0000 Update dotnet sdk to latest version @8.0.419 (actions#4301) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tingluo Huang <tingluohuang@github.com> commit 45ed15d Author: Tingluo Huang <tingluohuang@github.com> Date: Mon Mar 16 09:31:57 2026 -0400 Report infra_error for action download failures. (actions#4294) commit c5dcf59 Author: Nikola Jokic <jokicnikola07@gmail.com> Date: Fri Mar 13 19:16:31 2026 +0100 Exit with specified exit code when runner is outdated (actions#4285) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> commit c7f6c49 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed Mar 11 10:21:47 2026 +0000 Bump @typescript-eslint/eslint-plugin from 8.47.0 to 8.54.0 in /src/Misc/expressionFunc/hashFiles (actions#4230) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> commit 40dd583 Author: eric sciple <ericsciple@users.noreply.github.com> Date: Mon Mar 9 11:10:08 2026 -0500 Fix cancellation token race during parser comparison (actions#4280) commit 68f2e9a Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon Mar 9 13:02:32 2026 +0000 chore: update Node versions (actions#4287) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> commit 2b98d42 Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon Mar 9 00:37:54 2026 +0000 Update Docker to v29.3.0 and Buildx to v0.32.1 (actions#4286) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> commit ce8ce41 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Mar 7 22:13:23 2026 +0000 Bump @stylistic/eslint-plugin from 5.9.0 to 5.10.0 in /src/Misc/expressionFunc/hashFiles (actions#4281) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> commit 5310e90 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Mar 7 01:59:22 2026 +0000 Bump actions/attest-build-provenance from 3 to 4 (actions#4266) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 9832328 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Mar 7 01:49:28 2026 +0000 Bump docker/setup-buildx-action from 3 to 4 (actions#4282) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> commit 5ef3270 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat Mar 7 01:44:58 2026 +0000 Bump docker/build-push-action from 6 to 7 (actions#4283) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 1138dd8 Author: eric sciple <ericsciple@users.noreply.github.com> Date: Thu Mar 5 14:56:28 2026 -0600 Fix positional arg bug in ExpressionParser.CreateTree (actions#4279) commit 99910ca Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu Mar 5 15:45:49 2026 +0000 Bump docker/login-action from 3 to 4 (actions#4278) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> commit bcd04cf Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu Mar 5 14:55:48 2026 +0000 Bump actions/upload-artifact from 6 to 7 (actions#4270) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> commit 20111cb Author: eric sciple <ericsciple@users.noreply.github.com> Date: Wed Mar 4 17:36:45 2026 -0600 Support `entrypoint` and `command` for service containers (actions#4276) commit 8f01257 Author: Max Horstmann <MaxHorstmann@users.noreply.github.com> Date: Wed Mar 4 15:17:25 2026 -0500 Devcontainer: bump base image Ubuntu version (actions#4277) commit 8a73bcc Author: eric sciple <ericsciple@users.noreply.github.com> Date: Mon Mar 2 23:38:16 2026 -0600 Fix parser comparison mismatches (actions#4273) commit a9a07a6 Author: Tingluo Huang <tingluohuang@github.com> Date: Mon Mar 2 22:44:14 2026 -0500 Avoid throw in SelfUpdaters. (actions#4274) commit 60a9422 Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon Mar 2 13:51:11 2026 +0000 chore: update Node versions (actions#4272) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> commit 985a06f Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Feb 27 09:18:13 2026 +0000 Bump actions/download-artifact from 7 to 8 (actions#4269) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit ae09a9d Author: eric sciple <ericsciple@users.noreply.github.com> Date: Thu Feb 26 08:36:55 2026 -0600 Fix composite post-step marker display names (actions#4267) commit 7650fc4 Author: Tingluo Huang <tingluohuang@github.com> Date: Wed Feb 25 15:44:27 2026 -0500 Log inner exception message. (actions#4265) commit bc00800 Author: Salman Chishti <salmanmkc@GitHub.com> Date: Wed Feb 25 13:36:47 2026 +0000 Bump runner version to 2.332.0 and update release notes (actions#4264) commit 86e2360 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed Feb 25 12:02:23 2026 +0000 Bump @stylistic/eslint-plugin from 3.1.0 to 5.9.0 in /src/Misc/expressionFunc/hashFiles (actions#4257) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> commit 0fb7482 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed Feb 25 11:56:32 2026 +0000 Bump minimatch in /src/Misc/expressionFunc/hashFiles (actions#4261) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 052dfbd Author: Pavel Iakovenko <paveliak@users.noreply.github.com> Date: Tue Feb 24 12:19:46 2026 -0500 Symlink actions cache (actions#4260) commit ecb5f29 Author: eric sciple <ericsciple@users.noreply.github.com> Date: Mon Feb 23 09:00:12 2026 -0600 Composite Action Step Markers (actions#4243) commit a2b2209 Author: Salman Chishti <salmanmkc@GitHub.com> Date: Sat Feb 21 19:19:46 2026 +0000 Update Node.js 20 deprecation date to June 2nd, 2026 (actions#4258) Co-authored-by: Salman <salmanmkc@gmail.com> commit 9426c35 Author: Salman Chishti <salmanmkc@GitHub.com> Date: Thu Feb 19 17:05:32 2026 +0000 Add Node.js 20 deprecation warning annotation (Phase 1) (actions#4242) commit 72189aa Author: Tingluo Huang <tingluohuang@github.com> Date: Wed Feb 18 12:00:37 2026 -0500 Try to infer runner is on hosted/ghes when githuburl is empty. (actions#4254) commit e012ab6 Author: Tingluo Huang <tingluohuang@github.com> Date: Tue Feb 17 14:09:05 2026 -0500 Fix link to SECURITY.md in README (actions#4253) commit a798a45 Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon Feb 16 11:34:26 2026 +0000 Update dotnet sdk to latest version @8.0.418 (actions#4250) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> commit 9efea31 Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon Feb 16 11:29:25 2026 +0000 chore: update Node versions (actions#4249) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> commit 6680090 Author: Zach Renner <13670625+zarenner@users.noreply.github.com> Date: Thu Feb 12 05:46:48 2026 -0800 Remove unnecessary connection test during some registration flows (actions#4244) commit 15cb558 Author: eric sciple <ericsciple@users.noreply.github.com> Date: Wed Feb 11 09:44:01 2026 -0600 Fix parser comparison mismatches (actions#4220) commit d5a8a93 Author: eric sciple <ericsciple@users.noreply.github.com> Date: Tue Feb 10 12:28:42 2026 -0600 Add telemetry tracking for deprecated set-output and save-state commands (actions#4221) commit cdb77c6 Author: Tingluo Huang <tingluohuang@github.com> Date: Tue Feb 10 09:31:10 2026 -0500 Support return job result as exitcode in hosted runner. (actions#4233) commit a4a19b1 Author: Nikola Jokic <jokicnikola07@gmail.com> Date: Tue Feb 10 02:07:20 2026 +0100 Bump hook to 0.8.1 (actions#4222) commit 1b5486a Author: Tingluo Huang <tingluohuang@github.com> Date: Mon Feb 9 08:42:07 2026 -0500 Validate work dir during runner start up. (actions#4227) commit 4214709 Author: Takuma Ishikawa <nekketsuuu@users.noreply.github.com> Date: Mon Feb 9 06:03:41 2026 +0900 Add support for libssl3 and libssl3t64 for newer Debian/Ubuntu versions (actions#4213) commit 3ffedab Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon Feb 2 02:15:37 2026 +0000 Update Docker to v29.2.0 and Buildx to v0.31.1 (actions#4219) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> commit 3a80a78 Author: eric sciple <ericsciple@users.noreply.github.com> Date: Fri Jan 30 09:24:06 2026 -0600 Fix local action display name showing `Run /./` instead of `Run ./` (actions#4218) commit 6822f4a Author: Tingluo Huang <tingluohuang@github.com> Date: Tue Jan 27 16:52:25 2026 -0500 Report job level annotations (actions#4216) commit ad43c63 Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun Jan 25 21:10:56 2026 -0500 Update Docker to v29.1.5 and Buildx to v0.31.0 (actions#4212) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> commit 5d4fb30 Author: eric sciple <ericsciple@users.noreply.github.com> Date: Thu Jan 22 15:17:18 2026 -0600 Allow empty container options (actions#4208) commit 1df72a5 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu Jan 22 14:41:15 2026 +0000 Bump System.Formats.Asn1 and System.Security.Cryptography.Pkcs (actions#4202) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 02013cf Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon Jan 19 23:08:47 2026 -0500 Update dotnet sdk to latest version @8.0.417 (actions#4201) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> commit 7d5c17a Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue Jan 20 02:18:53 2026 +0000 chore: update Node versions (actions#4200) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> # Conflicts: # .devcontainer/devcontainer.json # images/Dockerfile # releaseVersion # src/Sdk/Sdk.csproj # src/Test/L0/Worker/ActionRunnerL0.cs # src/dev.sh # src/global.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
allowCaseFunctionwas passed positionally into theallowUnknownKeywords, causing the legacy parser to silently accept any named-value in expressions during schema validation.