ADFA-3269 Safer handling of shell special characters #1077

Merged
hal-eisen-adfa merged 1 commit into stage from ADFA-3269-bugfix
Mar 13, 2026

@hal-eisen-adfa
Collaborator

Switch to using printf instead of simple shell concatenation

@hal-eisen-adfa hal-eisen-adfa merged commit 483062d into stage Mar 13, 2026
1 of 2 checks passed
@hal-eisen-adfa hal-eisen-adfa deleted the ADFA-3269-bugfix branch March 13, 2026 22:30
@coderabbitai
Contributor

coderabbitai bot commented Mar 13, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3d72af16-ac20-4c04-8274-141ee0555665

📥 Commits

Reviewing files that changed from the base of the PR and between deafbbd and 28ad37e.

📒 Files selected for processing (1)
  • .github/workflows/release.yml

📝 Walkthrough

Release Notes

  • Improved shell special character handling: Replaced string concatenation with printf for constructing the Telegram message payload (line 708), ensuring proper escaping and handling of special characters and newlines in the Download URL and Git log output

  • Fixed file formatting: Added proper trailing newline to the file (line 719) for better code quality and POSIX compliance

Security & Best Practices Notes

  • Positive: The printf approach is more secure and POSIX-compliant than string concatenation, properly handling shell metacharacters and special characters that could be present in dynamic values like download URLs or commit messages

  • Maintains existing safeguards: The implementation preserves the Telegram API's 4096-character message limit truncation, which prevents potential issues with oversized payloads

Walkthrough

The release workflow now uses printf-style formatting to construct Telegram messages instead of string concatenation, improving readability and newline handling. Additionally, the workflow file now properly ends with a trailing newline.

Changes

Cohort / File(s) | Summary
Workflow Configuration (.github/workflows/release.yml) | Refactored Telegram message construction from string concatenation to printf-based formatting for improved formatting control; added trailing newline at end-of-file.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A message takes shape with printf's grace,
No more strings tangled all over the place,
With newlines aligned and format so clean,
The workflow flows smoothly, the best we've seen!
hops away with satisfaction

1 participant
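
The change discussed in this thread, building a message with printf instead of concatenation, can be illustrated as follows. This is an added example, not code from release.yml or from this pull request; the function names, the message layout and the sample values are constructed assumptions.

```shell
#!/bin/sh
# Added example: names and sample values below are constructed, not from the PR.

# Unsafe pattern: the dynamic text is concatenated into one string that is then
# used as the printf FORMAT, so '%' directives and backslash escapes that happen
# to appear in a URL or commit message are interpreted instead of copied.
build_message_concat() {
  url=$1
  log=$2
  msg="Download: ${url}\n\nChanges:\n${log}"
  # shellcheck disable=SC2059
  printf "$msg"
}

# Safer pattern: the format string is a constant and the dynamic values are
# passed as arguments. '%s' copies each argument unchanged; only the newlines
# written in the format itself are expanded.
build_message_printf() {
  url=$1
  log=$2
  msg=$(printf 'Download: %s\n\nChanges:\n%s' "$url" "$log")
  # Truncate to the 4096-character limit mentioned in the review.
  # A literal precision keeps the format string free of variables.
  printf '%.4096s' "$msg"
}

# Constructed sample input containing characters that the unsafe version mangles:
# percent signs, backslash sequences, backticks and a $(...) string.
SAMPLE_URL='https://example.invalid/app.apk?sig=a%20b&x=$(date)'
SAMPLE_LOG='fix: 100%s done\tsee `notes` and C:\new\table'

# Show the safe rendering when the script is run directly.
build_message_printf "$SAMPLE_URL" "$SAMPLE_LOG"
echo
```

Neither version executes `$(date)` or the backticks, because the values are already expanded data; the difference is that the concatenated version lets printf reinterpret `%20b`, `%s`, `\t` and `\n` inside them.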