starred/act

Fork 0

mirror of https://github.com/nektos/act.git synced 2026-04-26 09:25:54 +03:00

[GH-ISSUE #1434] switch case statement not working? #748

New issue

Closed

opened 2026-03-01 21:46:04 +03:00 by kerem · 3 comments

kerem commented

2026-03-01 21:46:04 +03:00

Owner

Originally created by @fauxbytes on GitHub (Nov 12, 2022).
Original GitHub issue: https://github.com/nektos/act/issues/1434

Bug report info

act version:            0.2.30
GOOS:                   windows
GOARCH:                 amd64
NumCPU:                 12
Docker host:            DOCKER_HOST environment variable is unset/empty.
Sockets found:
        \\.\pipe\docker_engine
Config files:
        C:\Users\amitd\.actrc:
                -P ubuntu-latest=catthehacker/ubuntu:act-latest
                -P ubuntu-22.04=catthehacker/ubuntu:act-22.04
                -P ubuntu-20.04=catthehacker/ubuntu:act-20.04
                -P ubuntu-18.04=catthehacker/ubuntu:act-18.04
Build info:
        Go version:            go1.18.4
        Module path:           github.com/nektos/act
        Main version:          (devel)
        Main path:             github.com/nektos/act
        Main checksum:
        Build settings:
                -compiler:            gc
                -ldflags:             -s -w -X main.version=0.2.30 -X main.commit=3364f95569d8a39d440b18af69d29421fcc77b55 -X main.date=2022-08-01T02:56:59Z -X main.builtBy=goreleaser
                CGO_ENABLED:          0
                GOARCH:               amd64
                GOOS:                 windows
                GOAMD64:              v1
                vcs:                  git
                vcs.revision:         3364f95569d8a39d440b18af69d29421fcc77b55
                vcs.time:             2022-07-29T19:43:24Z
                vcs.modified:         false
Docker Engine:
        Engine version:        20.10.21
        Engine runtime:        runc
        Cgroup version:        1
        Cgroup driver:         cgroupfs
        Storage driver:        overlay2
        Registry URI:          https://index.docker.io/v1/
        OS:                    Docker Desktop
        OS type:               linux
        OS version:
        OS arch:               x86_64
        OS kernel:             4.19.128-microsoft-standard
        OS CPU:                12
        OS memory:             12654 MB
        Security options:
                name=seccomp,profile=default

Command used with act

act -j my-job

Describe issue

On github.com, am able to execute a case statement w/o issues

Link to GitHub repository

No response

Workflow content

name: hello-world
on: pull_request
jobs:
  my-job:
    runs-on: ubuntu-latest
    steps:
      - name: my-step
        run: |
          echo "target branch: ${{ github.base_ref }}"
          case ${{ github.base_ref }} in
            master) v=prod ;;
            development) v=dev ;;
            *) v=not_found
          esac
          envid=canvas-$v
          echo "environment set to: $envid"

Relevant log output

[hello-world/my-job] 🚀  Start image=catthehacker/ubuntu:act-latest
[hello-world/my-job]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=false
[hello-world/my-job]   🐳  docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[hello-world/my-job]   🐳  docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[hello-world/my-job] ⭐ Run Main my-step
[hello-world/my-job]   🐳  docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/0] user= workdir=
| target branch:
| /var/run/act/workflow/0: line 4: syntax error near unexpected token `master'
[hello-world/my-job]   ❌  Failure - Main my-step
[hello-world/my-job] exitcode '2': failure
[hello-world/my-job] 🏁  Job failed
Error: Job 'my-job' failed

Additional information

No response

Originally created by @fauxbytes on GitHub (Nov 12, 2022). Original GitHub issue: https://github.com/nektos/act/issues/1434 ### Bug report info ```plain text act version: 0.2.30 GOOS: windows GOARCH: amd64 NumCPU: 12 Docker host: DOCKER_HOST environment variable is unset/empty. Sockets found: \\.\pipe\docker_engine Config files: C:\Users\amitd\.actrc: -P ubuntu-latest=catthehacker/ubuntu:act-latest -P ubuntu-22.04=catthehacker/ubuntu:act-22.04 -P ubuntu-20.04=catthehacker/ubuntu:act-20.04 -P ubuntu-18.04=catthehacker/ubuntu:act-18.04 Build info: Go version: go1.18.4 Module path: github.com/nektos/act Main version: (devel) Main path: github.com/nektos/act Main checksum: Build settings: -compiler: gc -ldflags: -s -w -X main.version=0.2.30 -X main.commit=3364f95569d8a39d440b18af69d29421fcc77b55 -X main.date=2022-08-01T02:56:59Z -X main.builtBy=goreleaser CGO_ENABLED: 0 GOARCH: amd64 GOOS: windows GOAMD64: v1 vcs: git vcs.revision: 3364f95569d8a39d440b18af69d29421fcc77b55 vcs.time: 2022-07-29T19:43:24Z vcs.modified: false Docker Engine: Engine version: 20.10.21 Engine runtime: runc Cgroup version: 1 Cgroup driver: cgroupfs Storage driver: overlay2 Registry URI: https://index.docker.io/v1/ OS: Docker Desktop OS type: linux OS version: OS arch: x86_64 OS kernel: 4.19.128-microsoft-standard OS CPU: 12 OS memory: 12654 MB Security options: name=seccomp,profile=default ``` ### Command used with act ```sh act -j my-job ``` ### Describe issue On github.com, am able to execute a case statement w/o issues ### Link to GitHub repository _No response_ ### Workflow content ```yml name: hello-world on: pull_request jobs: my-job: runs-on: ubuntu-latest steps: - name: my-step run: | echo "target branch: ${{ github.base_ref }}" case ${{ github.base_ref }} in master) v=prod ;; development) v=dev ;; *) v=not_found esac envid=canvas-$v echo "environment set to: $envid" ``` ### Relevant log output ```sh [hello-world/my-job] 🚀 Start image=catthehacker/ubuntu:act-latest [hello-world/my-job] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=false [hello-world/my-job] 🐳 docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[] [hello-world/my-job] 🐳 docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[] [hello-world/my-job] ⭐ Run Main my-step [hello-world/my-job] 🐳 docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/0] user= workdir= | target branch: | /var/run/act/workflow/0: line 4: syntax error near unexpected token `master' [hello-world/my-job] ❌ Failure - Main my-step [hello-world/my-job] exitcode '2': failure [hello-world/my-job] 🏁 Job failed Error: Job 'my-job' failed ``` ### Additional information _No response_

kerem

2026-03-01 21:46:04 +03:00

closed this issue
added the
kind/bug
label

kerem commented

2026-03-01 21:46:05 +03:00

Author

Owner

@ChristopherHX commented on GitHub (Nov 12, 2022):

It is currently up to you to define github.head_ref, the default is empty
See https://github.com/nektos/act#events

Your workflow has a code injection security vulnerability.
${{ github.base_ref }} contains user provided branch names, which can alter the meaning of your script e.g. if it is empty like in your example.

You should replace ${{ github.base_ref }} with $GITHUB_BASE_REF to fix the security vulnerability in your worklfow. Ref https://docs.github.com/en/actions/learn-github-actions/environment-variables.

@ChristopherHX commented on GitHub (Nov 12, 2022): It is currently up to you to define `github.head_ref`, the default is empty See https://github.com/nektos/act#events Your workflow has a code injection security vulnerability. `${{ github.base_ref }}` contains user provided branch names, which can alter the meaning of your script e.g. if it is empty like in your example. You should replace `${{ github.base_ref }}` with `$GITHUB_BASE_REF` to fix the security vulnerability in your worklfow. Ref https://docs.github.com/en/actions/learn-github-actions/environment-variables.

kerem commented

2026-03-01 21:46:05 +03:00

Author

Owner

@fauxbytes commented on GitHub (Nov 12, 2022):

🤦‍♂️👍
Many thanks for the heads-up on vuln.

@fauxbytes commented on GitHub (Nov 12, 2022): 🤦‍♂️👍 Many thanks for the heads-up on vuln.

kerem commented

2026-03-01 21:46:05 +03:00

Author

Owner

@KnisterPeter commented on GitHub (Nov 12, 2022):

It's also a good practice to always surrounded your vars with double quotes. That would prevent the code injection as well.

@KnisterPeter commented on GitHub (Nov 12, 2022): It's also a good practice to always surrounded your vars with double quotes. That would prevent the code injection as well.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#748

No description provided.

Rows
Columns