@@ -144,7 +144,13 @@ jobs:
144144 CLEANUP_PILL : ${{ steps.cleanup.outputs.CLEANUP_PILL }}
145145 CONFIG_LABEL : ${{ steps.config.outputs.CONFIG_LABEL }}
146146 run : |
147+ # HTML-escape values that get embedded into the email template to avoid HTML/attribute injection from workflow inputs.
148+ html_escape() {
149+ printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
150+ }
147151 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
152+ ACTOR="$(html_escape "$GITHUB_ACTOR")"
153+ BRANCH="$(html_escape "$BRANCH_NAME")"
148154 PILL_BASE="display:inline-block; min-width:70px; text-align:center; padding:4px 12px; border-radius:20px; font-size:12px; font-weight:600; line-height:1.4;"
149155 DEPLOY_PILL="<span style=\"${PILL_BASE} background:#f8d7da; color:#721c24;\">❌ FAILED</span>"
150156 E2E_PILL="<span style=\"${PILL_BASE} background:#d4edda; color:#155724;\">⏭️ SKIPPED</span>"
@@ -178,9 +184,9 @@ jobs:
178184 <h3 style="margin:0 0 14px; font-size:13px; text-transform:uppercase; letter-spacing:0.5px; color:#6b7280; border-bottom:2px solid #e5e7eb; padding-bottom:8px;">Deployment Details</h3>
179185 <table width="100%" cellpadding="0" cellspacing="0" style="margin-bottom:28px;">
180186 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280; width:140px;">Triggered By</td>
181- <td style="padding:8px 0; font-size:13px; color:#111827;">${{ github.actor } }</td></tr>
187+ <td style="padding:8px 0; font-size:13px; color:#111827;">${ACTOR }</td></tr>
182188 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Branch</td>
183- <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${{ env.BRANCH_NAME } }</td></tr>
189+ <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${BRANCH }</td></tr>
184190 </table>
185191 <table role="presentation" width="100%" cellpadding="0" cellspacing="0"><tr><td align="center" style="padding:8px 0;">
186192 <a href="${RUN_URL}" style="display:inline-block; background:#dc2626; color:#ffffff; text-decoration:none; padding:12px 28px; border-radius:4px; font-size:13px; font-weight:600; letter-spacing:0.3px;">VIEW PIPELINE RUN</a>
@@ -219,8 +225,14 @@ jobs:
219225 CONFIG_LABEL : ${{ steps.config.outputs.CONFIG_LABEL }}
220226 CLEANUP_PILL : ${{ steps.cleanup.outputs.CLEANUP_PILL }}
221227 run : |
228+ # HTML-escape values that get embedded into the email template to avoid HTML/attribute injection from workflow inputs.
229+ html_escape() {
230+ printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
231+ }
222232 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
223- RESOURCE_GROUP="$INPUT_RESOURCE_GROUP_NAME"
233+ RESOURCE_GROUP="$(html_escape "$INPUT_RESOURCE_GROUP_NAME")"
234+ ACTOR="$(html_escape "$GITHUB_ACTOR")"
235+ BRANCH="$(html_escape "$BRANCH_NAME")"
224236 PILL_BASE="display:inline-block; min-width:70px; text-align:center; padding:4px 12px; border-radius:20px; font-size:12px; font-weight:600; line-height:1.4;"
225237 DEPLOY_PILL="<span style=\"${PILL_BASE} background:#f8d7da; color:#721c24;\">❌ FAILED</span>"
226238 E2E_PILL="<span style=\"${PILL_BASE} background:#d4edda; color:#155724;\">⏭️ SKIPPED</span>"
@@ -256,9 +268,9 @@ jobs:
256268 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280; width:140px;">Resource Group</td>
257269 <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${RESOURCE_GROUP}</td></tr>
258270 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Triggered By</td>
259- <td style="padding:8px 0; font-size:13px; color:#111827;">${{ github.actor } }</td></tr>
271+ <td style="padding:8px 0; font-size:13px; color:#111827;">${ACTOR }</td></tr>
260272 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Branch</td>
261- <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${{ env.BRANCH_NAME } }</td></tr>
273+ <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${BRANCH }</td></tr>
262274 </table>
263275 <table role="presentation" width="100%" cellpadding="0" cellspacing="0"><tr><td align="center" style="padding:8px 0;">
264276 <a href="${RUN_URL}" style="display:inline-block; background:#dc2626; color:#ffffff; text-decoration:none; padding:12px 28px; border-radius:4px; font-size:13px; font-weight:600; letter-spacing:0.3px;">INVESTIGATE FAILURE</a>
@@ -310,6 +322,8 @@ jobs:
310322 WEBAPP_URL="$(html_escape "${INPUT_CONTAINER_WEB_APPURL:-$INPUT_EXISTING_WEBAPP_URL}")"
311323 RESOURCE_GROUP="$(html_escape "$INPUT_RESOURCE_GROUP_NAME")"
312324 TEST_REPORT_URL="$(html_escape "$INPUT_TEST_REPORT_URL")"
325+ ACTOR="$(html_escape "$GITHUB_ACTOR")"
326+ BRANCH="$(html_escape "$BRANCH_NAME")"
313327 PILL_BASE="display:inline-block; min-width:70px; text-align:center; padding:4px 12px; border-radius:20px; font-size:12px; font-weight:600; line-height:1.4;"
314328 DEPLOY_PILL="<span style=\"${PILL_BASE} background:#d4edda; color:#155724;\">✅ SUCCESS</span>"
315329
@@ -353,9 +367,9 @@ jobs:
353367 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Web App URL</td>
354368 <td style="padding:8px 0; font-size:13px;"><a href="${WEBAPP_URL}" style="color:#2563eb; text-decoration:none; font-family:'Cascadia Code','Courier New',monospace;">${WEBAPP_URL}</a></td></tr>
355369 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Triggered By</td>
356- <td style="padding:8px 0; font-size:13px; color:#111827;">${{ github.actor } }</td></tr>
370+ <td style="padding:8px 0; font-size:13px; color:#111827;">${ACTOR }</td></tr>
357371 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Branch</td>
358- <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${{ env.BRANCH_NAME } }</td></tr>
372+ <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${BRANCH }</td></tr>
359373 ${TEST_DETAIL_ROWS}
360374 </table>
361375 <table role="presentation" width="100%" cellpadding="0" cellspacing="0"><tr><td align="center" style="padding:8px 0;">
@@ -407,6 +421,8 @@ jobs:
407421 WEBAPP_URL="$(html_escape "${INPUT_CONTAINER_WEB_APPURL:-$INPUT_EXISTING_WEBAPP_URL}")"
408422 RESOURCE_GROUP="$(html_escape "$INPUT_RESOURCE_GROUP_NAME")"
409423 TEST_REPORT_URL="$(html_escape "$INPUT_TEST_REPORT_URL")"
424+ ACTOR="$(html_escape "$GITHUB_ACTOR")"
425+ BRANCH="$(html_escape "$BRANCH_NAME")"
410426 PILL_BASE="display:inline-block; min-width:70px; text-align:center; padding:4px 12px; border-radius:20px; font-size:12px; font-weight:600; line-height:1.4;"
411427 DEPLOY_PILL="<span style=\"${PILL_BASE} background:#d4edda; color:#155724;\">✅ SUCCESS</span>"
412428 E2E_PILL="<span style=\"${PILL_BASE} background:#f8d7da; color:#721c24;\">❌ FAILED</span>"
@@ -441,9 +457,9 @@ jobs:
441457 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Web App URL</td>
442458 <td style="padding:8px 0; font-size:13px;"><a href="${WEBAPP_URL}" style="color:#2563eb; text-decoration:none; font-family:'Cascadia Code','Courier New',monospace;">${WEBAPP_URL}</a></td></tr>
443459 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Triggered By</td>
444- <td style="padding:8px 0; font-size:13px; color:#111827;">${{ github.actor } }</td></tr>
460+ <td style="padding:8px 0; font-size:13px; color:#111827;">${ACTOR }</td></tr>
445461 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Branch</td>
446- <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${{ env.BRANCH_NAME } }</td></tr>
462+ <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${BRANCH }</td></tr>
447463 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Test Suite</td>
448464 <td style="padding:8px 0; font-size:13px; color:#111827;">${TEST_SUITE_NAME}</td></tr>
449465 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Test Report</td>
@@ -495,6 +511,8 @@ jobs:
495511 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
496512 EXISTING_URL="$(html_escape "$INPUT_EXISTING_WEBAPP_URL")"
497513 TEST_REPORT_URL="$(html_escape "$INPUT_TEST_REPORT_URL")"
514+ ACTOR="$(html_escape "$GITHUB_ACTOR")"
515+ BRANCH="$(html_escape "$BRANCH_NAME")"
498516 PILL_BASE="display:inline-block; min-width:70px; text-align:center; padding:4px 12px; border-radius:20px; font-size:12px; font-weight:600; line-height:1.4;"
499517 DEPLOY_PILL="<span style=\"${PILL_BASE} background:#d4edda; color:#155724;\">⏭️ SKIPPED</span>"
500518 E2E_PILL="<span style=\"${PILL_BASE} background:#d4edda; color:#155724;\">✅ SUCCESS</span>"
@@ -532,9 +550,9 @@ jobs:
532550 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280; width:140px;">Target URL</td>
533551 <td style="padding:8px 0; font-size:13px;"><a href="${EXISTING_URL}" style="color:#2563eb; text-decoration:none; font-family:'Cascadia Code','Courier New',monospace;">${EXISTING_URL}</a></td></tr>
534552 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Triggered By</td>
535- <td style="padding:8px 0; font-size:13px; color:#111827;">${{ github.actor } }</td></tr>
553+ <td style="padding:8px 0; font-size:13px; color:#111827;">${ACTOR }</td></tr>
536554 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Branch</td>
537- <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${{ env.BRANCH_NAME } }</td></tr>
555+ <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${BRANCH }</td></tr>
538556 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Test Suite</td>
539557 <td style="padding:8px 0; font-size:13px; color:#111827;">${TEST_SUITE_NAME}</td></tr>
540558 ${REPORT_ROW}
@@ -585,6 +603,8 @@ jobs:
585603 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
586604 EXISTING_URL="$(html_escape "$INPUT_EXISTING_WEBAPP_URL")"
587605 TEST_REPORT_URL="$(html_escape "$INPUT_TEST_REPORT_URL")"
606+ ACTOR="$(html_escape "$GITHUB_ACTOR")"
607+ BRANCH="$(html_escape "$BRANCH_NAME")"
588608 PILL_BASE="display:inline-block; min-width:70px; text-align:center; padding:4px 12px; border-radius:20px; font-size:12px; font-weight:600; line-height:1.4;"
589609 DEPLOY_PILL="<span style=\"${PILL_BASE} background:#d4edda; color:#155724;\">⏭️ SKIPPED</span>"
590610 E2E_PILL="<span style=\"${PILL_BASE} background:#f8d7da; color:#721c24;\">❌ FAILED</span>"
@@ -622,9 +642,9 @@ jobs:
622642 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280; width:140px;">Target URL</td>
623643 <td style="padding:8px 0; font-size:13px;"><a href="${EXISTING_URL}" style="color:#2563eb; text-decoration:none; font-family:'Cascadia Code','Courier New',monospace;">${EXISTING_URL}</a></td></tr>
624644 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Triggered By</td>
625- <td style="padding:8px 0; font-size:13px; color:#111827;">${{ github.actor } }</td></tr>
645+ <td style="padding:8px 0; font-size:13px; color:#111827;">${ACTOR }</td></tr>
626646 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Branch</td>
627- <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${{ env.BRANCH_NAME } }</td></tr>
647+ <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${BRANCH }</td></tr>
628648 <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Test Suite</td>
629649 <td style="padding:8px 0; font-size:13px; color:#111827;">${TEST_SUITE_NAME}</td></tr>
630650 ${REPORT_ROW}
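Review bot: `${TEST_SUITE_NAME}` is still interpolated into the template in the rows after the Branch cell (new lines 464, 557 and 649), and its assignment is outside every hunk shown, so it is worth confirming it passes through `html_escape` the way `ACTOR` and `BRANCH` now do; the same applies to whatever builds `${TEST_DETAIL_ROWS}` and `${REPORT_ROW}`. The escaper is defined separately inside each step (added at new lines 148-150 and 229-231, and apparently already present in the later steps that call it), so a future step can miss it the way these two did; a single definition sourced by every step, such as a small script kept in the repository, would keep them in agreement. The `href="${WEBAPP_URL}"` and `href="${EXISTING_URL}"` attributes receive an escaped value, but escaping does not constrain the scheme or host, so a check that the value starts with `https://` before it is used as a link would close that gap. The added comment could also record why the expressions were replaced: `# Values are read from env vars rather than ${{ }} expressions so they are never spliced into the script text; html_escape then makes them safe for the email body.`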