From 29a77164f1559cb423368f4a4a569fde080f42c6 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Wed, 18 Jan 2023 09:13:09 +1100
Subject: [PATCH] fix(ci): properly escape PR title (#3318)

Within double quoted strings, bash tries to evaluate everything within backticks as a command. The GitHub security guide recommends to use an intermediary environment variable instead: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable See https://github.com/libp2p/rust-libp2p/actions/runs/3889880383/jobs/6638520274#step:3:11.
---
 .github/workflows/ci.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9ce4fc5f..c8725c7a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -298,11 +298,12 @@ jobs:
 require_scope: false

 - name: Check PR title length
+ env:
+ TITLE: ${{ github.event.pull_request.title }}
 run: |
- title="${{ github.event.pull_request.title }}"
- title_length=${#title}
+ title_length=${#TITLE}
 if [ $title_length -gt 72 ]
 then
 echo "PR title is too long (greater than 72 characters)"
 exit 1
- fi
\ No newline at end of file
+ fi
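Review bot: The new `env:` block on the "Check PR title length" step has no comment saying why the title goes through `TITLE`, so a later cleanup could inline `${{ github.event.pull_request.title }}` into `run:` again and put PR-author-controlled text back into the script. I would add a line above `env:` such as `# PR title is untrusted input: pass it via env, never interpolate it into the script`. Any other `run:` step in ci.yml that interpolates `github.event.*` fields deserves the same check; those steps lie outside this hunk, so I cannot tell whether any exist. As a minor style point, `if [ "$title_length" -gt 72 ]` would quote the expansion, although the value is always an integer here.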