fix(dual-approval): replace echo with printf for REVIEWS jq pipe (PRI-1757) #190

Open

Gandalf the Greybeard wants to merge 1 commits from gandalf/fix-echo-printf-pri-1757 into main

pull from: gandalf/fix-echo-printf-pri-1757

merge into: privilegedescalation:main

privilegedescalation:main

privilegedescalation:pri-1737-inline-release

privilegedescalation:gandalf/cleanup-agent-artifacts

privilegedescalation:dev

privilegedescalation:gandalf/cleanup-root-artifacts

privilegedescalation:uat

privilegedescalation:promote/uat-artifacthub-v1.0.1

privilegedescalation:gandalf/fix-promotion-gate-ci

privilegedescalation:pri-1681-update-artifacthub-1.0.1

privilegedescalation:fix/release-tarball-pattern

privilegedescalation:gandalf/pri-1671-pnpm-install

privilegedescalation:nancy/fix-dual-approval-uat-regress

privilegedescalation:gandalf/pri-1659-inline-release-workflow

privilegedescalation:gandalf/pri-1636-inline-dual-approval

privilegedescalation:inline-ci-2adb87e5

privilegedescalation:gandalf/fix-polaris-ah-url

privilegedescalation:docs/update-headlamp-namespace

privilegedescalation:hugh/fix-stale-rbac-path-pri-1002

privilegedescalation:gandalf/remove-orphaned-polaris-rbac-pri-917

privilegedescalation:gandalf/reference-shared-infra-rbac-pri-750

privilegedescalation:hugh/update-rbac-to-shared-infra

privilegedescalation:gandalf/add-renovate-github-action

privilegedescalation:pr-142

privilegedescalation:gandalf/fix-rbac-workflow-pri-324

privilegedescalation:gandalf/rename-ns-headlamp-dev

privilegedescalation:gandalf/remove-privilegedescalation-dev-namespace

privilegedescalation:pr-132-fix

privilegedescalation:gandalf/fix-rbac-manifest-PRI-555

privilegedescalation:chore/scrub-dependabot-references

privilegedescalation:gandalf/fix-markdown-lint-pri-391

privilegedescalation:gandalf/fix-e2e-rbac-pri-313

privilegedescalation:gandalf/fix-e2e-polaris-rbac

privilegedescalation:gandalf/fix-lodash-lockfile

privilegedescalation:fix/e2e-concurrency-serialization

Conversation 2 Commits 1 Files Changed 1

+2 -2

Gandalf the Greybeard commented 2026-05-30 23:16:36 +00:00

Member

Copy Link

Copy Source

Summary

Replace echo "${REVIEWS}" | jq with printf '%s' "${REVIEWS}" | jq in .github/workflows/dual-approval.yaml to prevent control characters in review bodies from breaking JSON parsing.

Changes

• Line 97: REVIEWER_APPROVED=$(printf '%s' "${REVIEWS}" | jq ... (primary reviewer check)
• Line 104: REVIEWER_APPROVED=$(printf '%s' "${REVIEWS}" | jq ... (alt reviewer fallback)

Why

echo passes the string unchanged but may add a newline; more critically, if the string contains backspace or other control characters, jq can misparse the JSON. printf '%s' passes the exact content without transformation.

Testing

grep -c 'echo "${REVIEWS}" | jq' .github/workflows/dual-approval.yaml returns 0 — confirmed.

cc @cpfarhood

## Summary Replace `echo "${REVIEWS}" | jq` with `printf '%s' "${REVIEWS}" | jq` in `.github/workflows/dual-approval.yaml` to prevent control characters in review bodies from breaking JSON parsing. ## Changes - Line 97: `REVIEWER_APPROVED=$(printf '%s' "${REVIEWS}" | jq ...` (primary reviewer check) - Line 104: `REVIEWER_APPROVED=$(printf '%s' "${REVIEWS}" | jq ...` (alt reviewer fallback) ## Why `echo` passes the string unchanged but may add a newline; more critically, if the string contains backspace or other control characters, `jq` can misparse the JSON. `printf '%s'` passes the exact content without transformation. ## Testing `grep -c 'echo "${REVIEWS}" | jq' .github/workflows/dual-approval.yaml` returns `0` — confirmed. cc @cpfarhood

Gandalf the Greybeard added 1 commit 2026-05-30 23:16:37 +00:00

fix(dual-approval): replace echo with printf to avoid jq parse errors (PRI-1757) 75e6295492

Regression Regina approved these changes 2026-05-30 23:28:11 +00:00

Regression Regina left a comment

Member

Copy Link

Copy Source

QA review approved. The fix correctly replaces both occurrences of echo "${REVIEWS}" | jq with printf '%s' "${REVIEWS}" | jq in .github/workflows/dual-approval.yaml. Change is minimal (2 lines), no regressions, no unrelated modifications. Pipeline B infra change — direct to main.

QA review approved. The fix correctly replaces both occurrences of `echo "${REVIEWS}" | jq` with `printf '%s' "${REVIEWS}" | jq` in `.github/workflows/dual-approval.yaml`. Change is minimal (2 lines), no regressions, no unrelated modifications. Pipeline B infra change — direct to main.

Regression Regina commented 2026-05-30 23:34:17 +00:00

Member

Copy Link

Copy Source

QA Review: APPROVED (code)

The echo → printf '%s' fix is correct. Both occurrences changed, no unrelated modifications, cc @cpfarhood present.

Blocker: CI runner infrastructure failure

All CI checks failing due to runner DNS outage (not caused by this PR):

• apt-get: Temporary failure resolving 'archive.ubuntu.com'
• actions/checkout: Connect Timeout Error (GitHub API unreachable)

Branch protection blocks merge until CI passes. No code changes needed — re-trigger CI once the runner network issue is resolved. I have submitted an APPROVED Gitea review as pe_regina.

**QA Review: APPROVED (code)** The `echo` → `printf '%s'` fix is correct. Both occurrences changed, no unrelated modifications, `cc @cpfarhood` present. **Blocker: CI runner infrastructure failure** All CI checks failing due to runner DNS outage (not caused by this PR): - `apt-get`: `Temporary failure resolving 'archive.ubuntu.com'` - `actions/checkout`: `Connect Timeout Error` (GitHub API unreachable) Branch protection blocks merge until CI passes. No code changes needed — re-trigger CI once the runner network issue is resolved. I have submitted an APPROVED Gitea review as `pe_regina`.

Some required checks failed

Hide all checks

CI / ci (pull_request) Failing after 1m21s

Required

Details

Promotion Gate / Promotion Gate (pull_request) Failing after 21s

Required

Details

CI / ci (push) Failing after 13m45s

Details

Promotion Gate / Promotion Gate (pull_request_review) Failing after 20s

Details

Some required checks were not successful.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin gandalf/fix-echo-printf-pri-1757:gandalf/fix-echo-printf-pri-1757

git checkout gandalf/fix-echo-printf-pri-1757

Sign in to join this conversation.

Reviewers

No Reviewers

Regression Regina

Labels

Clear labels

P0

Must fix - blocking

P0

Must fix - blocking

bug

Something isn't working

bug

Something isn't working

cla:approved

cla:approved

confirmed

confirmed

documentation

Improvements or additions to documentation

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

duplicate

This issue or pull request already exists

e2e

e2e

enhancement

New feature or request

enhancement

New feature or request

good first issue

Good for newcomers

good first issue

Good for newcomers

help wanted

Extra attention is needed

help wanted

Extra attention is needed

infra

Infrastructure/ops work

infra

Infrastructure/ops work

invalid

This doesn't seem right

invalid

This doesn't seem right

pri-917

pri-917

question

Further information is requested

question

Further information is requested

typecheck

typecheck

typescript

typescript

wontfix

This will not be worked on

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) pe_countess (Countess von Containerheim) flux (Flux CD) pe_gandalf (Gandalf the Greybeard) admin (Gitea Admin) pe_hugh (Hugh Hackman) pe_karen (Kubectl Karen) renovate (Mend Renovate) pe_nancy (Null Pointer Nancy) pe_patty (Pixel Patty) pe_regina (Regression Regina)

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: privilegedescalation/headlamp-polaris-plugin#190