fix: use environment variables for action outputs in github-script

adslaton · adslaton · commit b3d18a7a47fb · 2025-07-29T13:32:54.000-04:00
The AI review output can contain backticks and other special characters
that break JavaScript template literals. Using environment variables
ensures the content is properly escaped and treated as a string.
diff --git a/.github/workflows/ai-pr-review.yml b/.github/workflows/ai-pr-review.yml
@@ -186,11 +186,14 @@ jobs:
       - name: Post review comment
         if: (steps.check_tests.outputs.result == 'true' || github.event_name != 'pull_request') && steps.check_recent_review.outputs.skip != 'true' && steps.ai_review.outputs.review_status == 'success'
         uses: actions/github-script@v7
+        env:
+          REVIEW_COMMENT: ${{ steps.ai_review.outputs.review_comment }}
+          AI_MODEL: ${{ vars.AI_MODEL || 'anthropic/claude-sonnet-4' }}
         with:
           github-token: ${{ github.token }}
           script: |
-            const review = `${{ steps.ai_review.outputs.review_comment }}`;
-            const model = '${{ vars.AI_MODEL || 'anthropic/claude-sonnet-4' }}';
+            const review = process.env.REVIEW_COMMENT;
+            const model = process.env.AI_MODEL;
 
             const comment = `## 🤖 AI Review\n\n${review}\n\n---\n` +
                             `*This review was automatically generated by \`${model}\` via OpenRouter. Please consider it as supplementary feedback alongside human review.*`;
@@ -229,7 +232,7 @@ jobs:
             await github.rest.issues.createComment({
               ...context.repo,
               issue_number: context.issue.number,
-              body: `## ⚠️ AI Review Failed\n\nThe AI review could not be completed. Status: ${steps.ai_review.outputs.review_status}\n\nThis could be due to:\n- API rate limiting\n- Large diff size\n- Temporary service issues\n\nPlease retry the review later or request manual review.`
+              body: `## ⚠️ AI Review Failed\n\nThe AI review could not be completed. Status: ${{ steps.ai_review.outputs.review_status }}\n\nThis could be due to:\n- API rate limiting\n- Large diff size\n- Temporary service issues\n\nPlease retry the review later or request manual review.`
             });
 
             // Fail the workflow step to indicate the review failure
@@ -242,10 +245,12 @@ jobs:
           steps.check_recent_review.outputs.skip != 'true' &&
           steps.ai_review.outputs.review_status == 'success'
         uses: actions/github-script@v7
+        env:
+          REVIEW_COMMENT: ${{ steps.ai_review.outputs.review_comment }}
         with:
           github-token: ${{ github.token }}
           script: |
-            const review = `${{ steps.ai_review.outputs.review_comment }}`.toLowerCase();
+            const review = process.env.REVIEW_COMMENT.toLowerCase();
 
             const labels = [];
 
