Mark Tse

Run arbitrary commands via a comment and commit the changes

DISCLAIMER: the Run terminal command GitHub Action allows for arbitrary code execution by any user allowed to comment on your issues or pull requests. You should probably never use this except to explore what GitHub Actions could do.

To avoid security issues, replace the use of the Run terminal command GitHub Action with something that validates input or with something that always runs the same command.

My Workflow

This workflow allows you to run any command and commit the changes back into a pull request. For example, you can run /terminal npm version patch --no-git-tag-version to bump the patch version of your Node package.

This workflow:

  • Only runs on new pull request comments and only if the comment starts with /terminal
  • Acknowledges comments that start with /terminal by reacting with a +1
  • Determines what pull request the comment came from and gets the corresponding branch name
  • Checks out the code at that branch
  • Runs the command, commits the changes, and pushes them back to the branch

Submission Category:

Maintainer Must-Haves

Yaml File or Link to Code

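on:
  issue_comment:
    types: [created]

jobs:
  terminal:  # job id is not shown in the original; assumed here
    # Pull request comments only, and only those starting with "/terminal "
    if: contains(github.event.comment.html_url, '/pull/') && startsWith( github.event.comment.body, '/terminal ' )
    runs-on: ubuntu-latest
    steps:
      - name: Acknowledge command
        uses: actions/github-script@v3
        with:
          script: |
            await github.reactions.createForIssueComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              comment_id: context.payload.comment.id,
              content: '+1',
            });
      - id: get-ref
        name: Get branch name
        uses: actions/github-script@v3
        with:
          result-encoding: string
          script: |
            const response = await github.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.payload.issue.number
            });
            // Branch the pull request was opened from
            return response.data.head.ref;

      - uses: actions/checkout@v2
        with:
          ref: ${{ steps.get-ref.outputs.result }}
      - uses: actions/setup-node@v1
        with:
          node-version: '12'
      # Runs the text of the comment as a command (arbitrary code execution)
      - id: terminal
        uses: neverendingqs/gh-action-terminal@main
      - run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"

          git commit -am "chore: update after '${COMMAND}'."
          git push
        env:
          COMMAND: ${{ steps.terminal.outputs.command }}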
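
One way to do the input validation suggested in the disclaimer, as an added example that is not part of the original post or of gh-action-terminal: a `/terminal` comment is accepted only from a trusted author association and only when it matches an allow-listed argv exactly. The names `TRUSTED`, `ALLOWED` and `validateTerminalComment`, the rule list and the sample comments are assumptions made for this example.

```javascript
// Added example. TRUSTED, ALLOWED and validateTerminalComment are
// hypothetical names; they are not part of gh-action-terminal.

// comment.author_association values permitted to trigger a command.
const TRUSTED = new Set(['OWNER', 'MEMBER', 'COLLABORATOR']);

// Each rule is one complete argv. A string must match its token exactly;
// a RegExp constrains the single token that is allowed to vary.
const ALLOWED = [
  ['npm', 'version', /^(patch|minor|major)$/, '--no-git-tag-version'],
  ['npm', 'dedupe'],
];

// Returns the argv to execute, or null if the comment must be ignored.
function validateTerminalComment(body, authorAssociation) {
  if (!TRUSTED.has(authorAssociation)) return null;
  const tokens = String(body).trim().split(/\s+/);
  if (tokens.shift() !== '/terminal') return null;
  for (const rule of ALLOWED) {
    // Length must match, so nothing can be appended after a valid command.
    if (rule.length !== tokens.length) continue;
    const matches = rule.every((part, i) =>
      part instanceof RegExp ? part.test(tokens[i]) : part === tokens[i]);
    if (matches) return tokens;
  }
  return null;
}

// Constructed sample comments (not taken from a real repository).
const samples = [
  ['/terminal npm version patch --no-git-tag-version', 'COLLABORATOR'],
  ['/terminal npm version patch --no-git-tag-version', 'NONE'],
  ['/terminal npm version $(id) --no-git-tag-version', 'OWNER'],
  ['/terminal npm version patch --no-git-tag-version && env', 'OWNER'],
];
for (const [body, assoc] of samples) {
  const argv = validateTerminalComment(body, assoc);
  // An accepted argv should be started without a shell, for example with
  // child_process.execFile(argv[0], argv.slice(1)).
  console.log(assoc.padEnd(12), argv ? 'RUN ' + JSON.stringify(argv) : 'REJECT', '<-', body);
}
```

`npm version` also runs the `preversion`, `version` and `postversion` scripts from the checked-out `package.json`, so the allow-list limits what a commenter can type, not what the pull request's own files can execute.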

Additional Resources / Info
