Skip to content

Validate Jira base URL before API calls #506

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jirhiker merged 1 commit into from
Feb 13, 2026
Merged

Validate Jira base URL before API calls #506

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 36 additions & 1 deletion .github/workflows/jira_codex_pr.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,9 +101,27 @@ jobs:
MAX_DESC_CHARS: ${{ env.MAX_DESC_CHARS }}
run: |
set -euo pipefail
for v in JIRA_BASE_URL JIRA_EMAIL JIRA_API_TOKEN JIRA_KEY; do
if [ -z "${!v:-}" ]; then
echo "Missing required Jira configuration: $v"
exit 1
fi
done

case "$JIRA_BASE_URL" in
http://*|https://*) ;;
*)
echo "JIRA_BASE_URL must include scheme and host (e.g., https://your-domain.atlassian.net)"
exit 1
;;
esac
Comment on lines +111 to +117
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The URL scheme validation only checks if JIRA_BASE_URL starts with "http://" or "https://", but doesn't verify that there's actually a hostname after the scheme. This would allow invalid URLs like "http://" or "https://" to pass validation. Consider adding a more robust check that ensures the URL contains both a scheme and a hostname, for example by checking if the URL contains at least one character after the scheme and "://".

Copilot uses AI. Check for mistakes.

JIRA_BASE_URL="${JIRA_BASE_URL%/}"
Comment on lines +104 to +119
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The validation logic for Jira configuration is duplicated between this step and the "Comment back on Jira with PR link" step (lines 384-400). Consider extracting this validation into a reusable composite action or a shared shell script to avoid duplication and ensure consistency in validation logic across both steps.

Suggested change
for v in JIRA_BASE_URL JIRA_EMAIL JIRA_API_TOKEN JIRA_KEY; do
if [ -z "${!v:-}" ]; then
echo "Missing required Jira configuration: $v"
exit 1
fi
done
case "$JIRA_BASE_URL" in
http://*|https://*) ;;
*)
echo "JIRA_BASE_URL must include scheme and host (e.g., https://your-domain.atlassian.net)"
exit 1
;;
esac
JIRA_BASE_URL="${JIRA_BASE_URL%/}"
jira_validate_jira_config() {
for v in JIRA_BASE_URL JIRA_EMAIL JIRA_API_TOKEN JIRA_KEY; do
if [ -z "${!v:-}" ]; then
echo "Missing required Jira configuration: $v"
exit 1
fi
done
case "$JIRA_BASE_URL" in
http://*|https://*) ;;
*)
echo "JIRA_BASE_URL must include scheme and host (e.g., https://your-domain.atlassian.net)"
exit 1
;;
esac
JIRA_BASE_URL="${JIRA_BASE_URL%/}"
}
jira_validate_jira_config

Copilot uses AI. Check for mistakes.
ISSUE_URL="$JIRA_BASE_URL/rest/api/3/issue/$JIRA_KEY"

curl -fsS --retry 3 --retry-all-errors -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
-H "Accept: application/json" \
"$JIRA_BASE_URL/rest/api/3/issue/$JIRA_KEY" > jira.json
"$ISSUE_URL" > jira.json

SUMMARY=$(jq -r '.fields.summary // empty' jira.json)
ISSUE_TYPE=$(jq -r '.fields.issuetype.name // empty' jira.json)
Expand Down Expand Up @@ -363,6 +381,23 @@ jobs:
PR_URL: ${{ steps.pr.outputs.PR_URL }}
run: |
set -euo pipefail
for v in JIRA_BASE_URL JIRA_EMAIL JIRA_API_TOKEN JIRA_KEY; do
if [ -z "${!v:-}" ]; then
echo "Missing required Jira configuration: $v"
exit 1
fi
done

case "$JIRA_BASE_URL" in
http://*|https://*) ;;
*)
echo "JIRA_BASE_URL must include scheme and host (e.g., https://your-domain.atlassian.net)"
exit 1
;;
esac

Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The URL scheme validation only checks if JIRA_BASE_URL starts with "http://" or "https://", but doesn't verify that there's actually a hostname after the scheme. This would allow invalid URLs like "http://" or "https://" to pass validation. Consider adding a more robust check that ensures the URL contains both a scheme and a hostname, for example by checking if the URL contains at least one character after the scheme and "://".

Suggested change
host_and_rest="${JIRA_BASE_URL#*://}"
jira_host="${host_and_rest%%/*}"
if [ -z "$jira_host" ]; then
echo "JIRA_BASE_URL must include scheme and host (e.g., https://your-domain.atlassian.net)"
exit 1
fi

Copilot uses AI. Check for mistakes.
JIRA_BASE_URL="${JIRA_BASE_URL%/}"
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After normalizing the trailing slash on line 399, the JIRA_BASE_URL is used on line 427 to construct the API endpoint. However, unlike the "Fetch Jira issue JSON" step (line 120), this step doesn't store the normalized URL in an intermediate variable (ISSUE_URL). While the current implementation works, consider adding an ISSUE_URL variable here as well for consistency with the first step and to make the curl command clearer.

Copilot uses AI. Check for mistakes.

if [ -z "$PR_URL" ] || [ "$PR_URL" = "null" ]; then
echo "No PR URL found; skipping Jira comment."
exit 0
Expand Down
Loading