Skip to content

fix: escape regex metacharacters in workflow file pattern matching #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
troinine merged 4 commits into from
Dec 9, 2025
Merged

fix: escape regex metacharacters in workflow file pattern matching #5

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
90222c5
Initial plan
Copilot Dec 9, 2025
2e90fe0
fix: properly escape dots in sensitive file pattern matching
Copilot Dec 9, 2025
8fa0807
Merge branch 'chore/pr-approval' into copilot/sub-pr-4
Copilot Dec 9, 2025
06577f6
Merge branch 'chore/pr-approval' into copilot/sub-pr-4
troinine Dec 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/copilot-review-approval.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,11 @@ jobs:
echo "Checking if sensitive files have been modified..."

SENSITIVE_PATTERNS='
.github/workflows/
\.github/workflows/
'
CHANGED_FILES=$(gh pr view "$PR_URL" --repo "$REPO" --json files | jq -r '.files[].path')
for pattern in $SENSITIVE_PATTERNS; do
if echo "$CHANGED_FILES" | grep -q "^$pattern"; then
if echo "$CHANGED_FILES" | grep -qE "^$pattern"; then
echo "PR modifies sensitive file(s) matching pattern: $pattern"
echo "Auto-approval is not allowed for PRs that modify workflow, dependency, or security-sensitive files."
exit 0
Expand Down