ROX-30627: Testing and adapting for cloud JIRA (#213) #19438
Merged
tommartensen merged 3 commits into master, Mar 16, 2026
Conversation
* adapt workflows and scripts to the Cloud Jira instance (UAT) testing
* simplify configuration by re-using Action variables
* self-review: correct retries for get x from JIRA commands
Skipping CI for Draft Pull Request.
tommartensen commented Mar 16, 2026
kurlov approved these changes Mar 16, 2026
Hey - I've found 2 issues, and left some high level feedback:
- The Jira helper functions build JSON payloads via heredocs with unescaped interpolated values (e.g., JQL in `get_issues`, `COMMENT` in `comment_on_issue`), which will break if those contain quotes or newlines; consider constructing the JSON with `jq -n --arg` or otherwise escaping these fields properly.
- `get_issues`/`comment_on_issue` write to a fixed `/tmp/request.json` path, which can cause races or interference if multiple scripts or steps call these in parallel; using `mktemp` to create a unique temporary file per call would make this more robust.
- In `get_issues`, `PAGE_SIZE` and `next_page_token` are implicitly global; making them `local` would reduce the risk of side effects if the script grows or additional functions reuse these names.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The Jira helper functions build JSON payloads via heredocs with unescaped interpolated values (e.g., JQL in `get_issues`, `COMMENT` in `comment_on_issue`), which will break if those contain quotes or newlines; consider constructing the JSON with `jq -n --arg` or otherwise escaping these fields properly.
- `get_issues`/`comment_on_issue` write to a fixed `/tmp/request.json` path, which can cause races or interference if multiple scripts or steps call these in parallel; using `mktemp` to create a unique temporary file per call would make this more robust.
- In `get_issues`, `PAGE_SIZE` and `next_page_token` are implicitly global; making them `local` would reduce the risk of side effects if the script grows or additional functions reuse these names.
## Individual Comments
### Comment 1
<location path=".github/workflows/scripts/common.sh" line_range="111" />
<code_context>
+ while true; do
+ cat <<EOF > /tmp/request.json
+{
+ "jql": "$JQL",
+ "maxResults": "${PAGE_SIZE}",
+ "nextPageToken": "${next_page_token}",
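Review bot: `"maxResults": "${PAGE_SIZE}"` in this hunk sends the page size as a JSON string, while the Jira search endpoint documents `maxResults` as an integer; drop the quotes (`"maxResults": ${PAGE_SIZE},`) or build the body with `jq -n --argjson`. The heredoc delimiter `EOF` is also unquoted, so every `$`-expression inside the body is expanded by the shell before it becomes JSON, which is one more reason to let jq assemble the request rather than interpolating `$JQL` directly.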
</code_context>
<issue_to_address>
**issue (bug_risk):** JQL is interpolated into JSON without escaping, which can break the request for certain characters.
If `JQL` ever includes double quotes, backslashes, or newlines (e.g., from future changes or dynamic input), this here-doc will produce invalid JSON and the Jira request will fail in a hard-to-diagnose way. Consider instead:
- building the payload with `jq` (e.g., `jq -n --arg jql "$JQL" '{jql: $jql, ...}'`), or
- JSON-escaping `JQL` first (e.g., `JQL_ESCAPED=$(printf '%s' "$JQL" | jq -Rs .)` and embedding that).
This makes the helper resilient to JQL contents and future changes.
</issue_to_address>
### Comment 2
<location path=".github/workflows/scripts/common.sh" line_range="189" />
<code_context>
+ "content": [
+ {
+ "type": "text",
+ "text": "${COMMENT}"
+ }
+ ]
</code_context>
<issue_to_address>
**issue (bug_risk):** COMMENT is inserted into JSON without escaping, which can break the payload or cause malformed comments.
Since COMMENT may contain quotes, backslashes, or newlines (e.g., multi-line instructions), interpolating it directly into the JSON can produce invalid JSON or change the structure. Escape COMMENT as JSON before embedding, for example:
```bash
COMMENT_JSON=$(printf '%s' "$COMMENT" | jq -Rs .)
cat <<EOF > /tmp/request.json
{
"body": {
"version": 1,
"type": "doc",
"content": [
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": $COMMENT_JSON
}
]
}
]
}
}
EOF
```
This ensures the JSON remains valid regardless of COMMENT’s contents.
</issue_to_address>
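The fix the review proposes in Comments 1 and 2, as an added example that is not code from the stackrox PR or its workflow scripts: both Jira request bodies are built with `jq --arg` instead of an unquoted heredoc, and written to a `mktemp` file instead of a fixed `/tmp/request.json`. The function names, the `TRICKY_*` inputs and the use of `--argjson` for the page size are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example, not code from the stackrox PR: build the two Jira request
# bodies discussed in Comments 1 and 2 with jq instead of unquoted heredocs,
# and write them to a per-call temp file instead of a fixed /tmp/request.json.
set -eu

# Search body. JQL goes in via --arg, so quotes, backslashes and newlines are
# escaped by jq and the shell never expands anything inside it. maxResults is
# emitted as a JSON number, and nextPageToken is omitted when empty (first page).
build_search_payload() {
  local jql="$1" page_size="${2:-50}" next_page_token="${3:-}"
  jq -cn --arg jql "$jql" --argjson max "$page_size" --arg tok "$next_page_token" \
    '{jql: $jql, maxResults: $max}
     + (if $tok == "" then {} else {nextPageToken: $tok} end)'
}

# Comment body in Atlassian Document Format, same shape as the PR's heredoc;
# COMMENT is escaped by jq rather than pasted into the "text" field.
build_comment_payload() {
  local comment="$1"
  jq -cn --arg text "$comment" \
    '{body: {version: 1, type: "doc",
             content: [{type: "paragraph", content: [{type: "text", text: $text}]}]}}'
}

# Write a payload to a unique file and print its path, so parallel workflow
# steps cannot clobber each other's request. The caller removes it when done.
write_request_file() {
  local file
  file="$(mktemp "${TMPDIR:-/tmp}/jira-request.XXXXXX")"
  printf '%s\n' "$1" > "$file"
  printf '%s\n' "$file"
}

# Constructed inputs (not from the PR) carrying the characters the review warns
# about: double quotes, a backslash and an embedded newline.
TRICKY_JQL="$(printf 'project = ROX AND summary ~ "foo \\"bar\\""\nORDER BY created')"
TRICKY_COMMENT="$(printf 'Line one with "quotes"\nLine two with a backslash \\ here')"

# Demo: both payloads are valid JSON and round-trip the tricky inputs unchanged.
build_search_payload "$TRICKY_JQL" 25
build_comment_payload "$TRICKY_COMMENT"
```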
Images are ready for the commit at c168e4f. To use with deploy scripts, first
Codecov Report: All modified and coverable lines are covered by tests.

```
@@ Coverage Diff @@
##           master   #19438   +/-   ##
==========================================
- Coverage   49.73%   49.73%   -0.01%
==========================================
  Files        2703     2703
  Lines      204040   204040
==========================================
- Hits       101485   101477    -8
- Misses      94978    94986    +8
  Partials     7577     7577
```
Description
Backport for https://github.com/stackrox/test-gh-actions/pull/213, which is required after Jira Cloud migration.
User-facing documentation
Testing and quality
Automated testing
How I validated my change
See validation in https://github.com/stackrox/test-gh-actions/pull/213