SNOW-2069227: Update Jira workflows #173
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR modernizes Jira integration workflows by replacing deprecated Atlassian marketplace actions with direct curl-based REST API calls, eliminating dependency on external repositories and improving maintainability.
- Replaced deprecated Atlassian gajira actions with native curl REST API calls
- Removed dependency on external snowflakedb/gh-actions repository
- Added proper error handling and response validation for JIRA operations
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/jira_issue.yml | Replaces gajira actions with curl-based JIRA issue creation and GitHub comment updates |
| .github/workflows/jira_close.yml | Replaces gajira actions with curl-based JIRA issue closure via REST API |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
.github/workflows/jira_issue.yml
Outdated
| # Escape special characters in title and body | ||
| TITLE=$(echo '${{ github.event.issue.title }}' | sed 's/"/\\"/g' | sed "s/'/\\\'/g") | ||
| BODY=$(echo '${{ github.event.issue.body }}' | sed 's/"/\\"/g' | sed "s/'/\\\'/g") | ||
|
|
||
| - name: Create JIRA Ticket | ||
| id: create | ||
| uses: atlassian/[email protected] | ||
| with: | ||
| project: SNOW | ||
| issuetype: Bug | ||
| summary: ${{ github.event.issue.title }} | ||
| description: | | ||
| ${{ github.event.issue.body }} \\ \\ _Created from GitHub Action_ for ${{ github.event.issue.html_url }} | ||
| # Assign triage-ml-platform-dl and set "ML Platform" component (19112). | ||
| # See https://snowflakecomputing.atlassian.net/rest/api/2/project/SNOW/components for component information. | ||
| fields: '{"customfield_11401":{"id":"14538"}, "assignee":{"id":"639020ab3c26ca7fa0d6eb3f"},"components":[{"id":"19112"}]}' | ||
| # Create JIRA issue using REST API | ||
| RESPONSE=$(curl -s -X POST \ | ||
| -H "Content-Type: application/json" \ | ||
| -H "Accept: application/json" \ | ||
| -u "$JIRA_USER_EMAIL:$JIRA_API_TOKEN" \ | ||
| "$JIRA_BASE_URL/rest/api/2/issue" \ | ||
| -d '{ | ||
| "fields": { | ||
| "project": { | ||
| "key": "SNOW" | ||
| }, | ||
| "issuetype": { | ||
| "name": "Bug" | ||
| }, | ||
| "summary": "'"$TITLE"'", | ||
| "description": "'"$BODY"' \\\\ \\\\ _Created from GitHub Action_ for ${{ github.event.issue.html_url }}", | ||
| "customfield_11401": {"id": "14723"}, | ||
| "assignee": {"id": "712020:e527ae71-55cc-4e02-9217-1ca4ca8028a2"}, | ||
| "components": [{"id": "19292"}], | ||
| "labels": ["oss"], | ||
| "priority": {"id": "10001"} | ||
| } | ||
| }') |
There was a problem hiding this comment.
Direct variable interpolation in JSON strings creates injection vulnerabilities. If TITLE or BODY contain special JSON characters or escape sequences, they could break the JSON structure or inject malicious content. Use jq to safely construct the JSON payload instead of string interpolation.
Copilot uses AI. Check for mistakes.
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
This PR updates the Jira workflows (.github/workflows/jira_close.yml, .github/workflows/jira_issue.yml) to use curl. Atlassian marketplace actions are deprecated and we also want to remove dependency on another repo.