fix: prevent unintended input replacement in reusable workflows with …

…workflow_dispatch when using workflow_call (#2502) * Remove redundant check See: #2464 (comment) * Add condition to prevent replacing inputs in reusable workflows with workflow_dispatch inputs Closes: #2464 * fmt * Revert "Remove redundant check" This reverts commit 6345596. * add test * Update runner_test.go * update label --------- Co-authored-by: ChristopherHX <[email protected]>
nektos · Dec 29, 2024 · deea8ec · deea8ec
1 parent bd8dda1
commit deea8ec
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 1 deletion.
diff --git a/pkg/runner/expression.go b/pkg/runner/expression.go
@@ -497,7 +497,7 @@ func getEvaluatorInputs(ctx context.Context, rc *RunContext, step step, ghc *mod
 		}
 	}
 
-	if ghc.EventName == "workflow_dispatch" {
+	if rc.caller == nil && ghc.EventName == "workflow_dispatch" {
 		config := rc.Run.Workflow.WorkflowDispatchConfig()
 		if config != nil && config.Inputs != nil {
 			for k, v := range config.Inputs {

diff --git a/pkg/runner/runner_test.go b/pkg/runner/runner_test.go
@@ -305,6 +305,7 @@ func TestRunEvent(t *testing.T) {
 		{workdir, "workflow_dispatch_no_inputs_mapping", "workflow_dispatch", "", platforms, secrets},
 		{workdir, "workflow_dispatch-scalar", "workflow_dispatch", "", platforms, secrets},
 		{workdir, "workflow_dispatch-scalar-composite-action", "workflow_dispatch", "", platforms, secrets},
+		{workdir, "uses-workflow-defaults", "workflow_dispatch", "", platforms, secrets},
 		{workdir, "job-needs-context-contains-result", "push", "", platforms, secrets},
 		{"../model/testdata", "strategy", "push", "", platforms, secrets}, // TODO: move all testdata into pkg so we can validate it with planner and runner
 		{"../model/testdata", "container-volumes", "push", "", platforms, secrets},

diff --git a/pkg/runner/testdata/.github/workflows/local-reusable-and-dispatch.yml b/pkg/runner/testdata/.github/workflows/local-reusable-and-dispatch.yml
@@ -0,0 +1,30 @@
+name: reuse
+
+on:
+  workflow_dispatch:
+    inputs:
+      my-val:
+        type: string
+        required: true
+        default: "default_value_reuse_workflow_dispatch_call"
+      dispatch-val:
+        type: string
+        default: "I am a dispatch var for checking if I am being used in workflow_call"
+
+  workflow_call:
+    inputs:
+      my-val:
+        type: string
+        required: true
+        default: "default_value_reuse_workflow_call"
+
+jobs:
+  reusable_workflow_job:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run a one-line script
+        run: echo "✅ 🚀 ✅ hello this is from workflow reuse. Value - " ${{ inputs.my-val }} ${{ github.event_name }} ${{ inputs.dispatch-val }}
+      - name: Assert
+        run: |
+          exit ${{ ( inputs.my-val == 'default_value_reuse_workflow_call' || inputs.my-val == 'passed value from main' ) && !inputs.dispatch-val && '0' || '1' }}
diff --git a/pkg/runner/testdata/uses-workflow-defaults/workflow_dispatch.yml b/pkg/runner/testdata/uses-workflow-defaults/workflow_dispatch.yml
@@ -0,0 +1,21 @@
+name: CI
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run a one-line script
+        run: echo "✅ 🚀 ✅ hello this is from workflow main" ${{ github.event_name }}  
+  call-reuse-w-val:
+    uses: ./.github/workflows/local-reusable-and-dispatch.yml
+    with:
+      my-val: "passed value from main"