From 351a64e28bc09e77eeab186555b1a587a2e4a5ba Mon Sep 17 00:00:00 2001
From: justinleeyang <justinleeyang@gmail.com>
Date: Wed, 11 Mar 2026 01:04:46 +0800
Subject: [PATCH] Fix workflow interpolation safety

---
 .github/workflows/label-bug-report.yml       | 4 +++-
 .github/workflows/label-feature-issue.yml    | 6 ++++--
 .github/workflows/update-govtool-version.yml | 7 +++----
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/label-bug-report.yml b/.github/workflows/label-bug-report.yml
index 230ffefc0..82532b5c5 100644
--- a/.github/workflows/label-bug-report.yml
+++ b/.github/workflows/label-bug-report.yml
@@ -14,9 +14,11 @@ jobs:
     steps:
       - name: Check if issue is a "🐛 Bug report"
         id: check_is_bug_report
+        env:
+          issue_title: "${{ github.event.issue.title }}"
         run: |
           echo "## Checking if issue is a 'Feature idea'..."
-          if [[ "${{ github.event.issue.title }}" == "🐛 "* ]]; then
+          if [[ "$issue_title" == "🐛 "* ]]; then
             echo "is_bug_report=true" >> $GITHUB_ENV
           else
             echo "is_bug_report=false" >> $GITHUB_ENV
diff --git a/.github/workflows/label-feature-issue.yml b/.github/workflows/label-feature-issue.yml
index 9ef4d6c86..e7c205d73 100644
--- a/.github/workflows/label-feature-issue.yml
+++ b/.github/workflows/label-feature-issue.yml
@@ -14,9 +14,11 @@ jobs:
     steps:
       - name: Check if issue is a "💡 Feature idea"
         id: check_is_feature_idea
+        env:
+          issue_title: "${{ github.event.issue.title }}"
         run: |
           echo "## Checking if issue is a 'Feature idea'..."
-          if [[ "${{ github.event.issue.title }}" == "💡 "* ]]; then
+          if [[ "$issue_title" == "💡 "* ]]; then
             echo "is_feature_idea=true" >> $GITHUB_ENV
           else
             echo "is_feature_idea=false" >> $GITHUB_ENV
@@ -89,4 +91,4 @@ jobs:
                 repo: context.repo.repo,
                 labels: ["User Story Needed"],
               });
-            }
\ No newline at end of file
+            }
diff --git a/.github/workflows/update-govtool-version.yml b/.github/workflows/update-govtool-version.yml
index c7156e268..35e127d3d 100644
--- a/.github/workflows/update-govtool-version.yml
+++ b/.github/workflows/update-govtool-version.yml
@@ -10,6 +10,8 @@ on:
 jobs:
   update-version:
     runs-on: ubuntu-latest
+    env:
+      VERSION: "${{ github.event.inputs.version }}"
 
     steps:
       - name: Checkout Repository
@@ -24,9 +26,6 @@ jobs:
           node-version-file: "./govtool/frontend/.nvmrc"
           scope: "@intersect.mbo"
 
-      - name: Set Version Variable
-        run: echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
-
       - name: Update package.json files and install dependencies
         run: |
           jq --arg v "$VERSION" '.version = $v' govtool/frontend/package.json > temp.json && mv temp.json govtool/frontend/package.json
@@ -55,7 +54,7 @@ jobs:
       - name: Update CHANGELOG.md
         run: |
           #!/bin/bash
-          VERSION="${{ github.event.inputs.version }}"
+          VERSION="$VERSION"
           TODAY=$(date +%Y-%m-%d)
           RELEASE_TAG="v$VERSION"
           RELEASE_LINK="[v$VERSION](https://github.com/IntersectMBO/govtool/releases/tag/$RELEASE_TAG)"