
dismiss Vale review and re-run after followup fixes #481

Merged: jth-nw merged 2 commits into main from dev on Mar 11, 2026

Conversation

@jth-nw (Collaborator) commented Mar 11, 2026

No description provided.

jth-nw and others added 2 commits March 11, 2026 13:14
GitHub Actions doesn't re-trigger workflows from its own commits,
so the Vale inline comments remain unresolved after Claude pushes
fixes, blocking merge.

Add a post-fix step that:
1. Dismisses all previous Vale reviews
2. Pulls Claude's changes
3. Re-runs Vale on changed files
4. Posts a fresh review only if issues remain

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: dismiss Vale review and re-run after followup fixes
jth-nw merged commit 296eed3 into main on Mar 11, 2026
5 of 7 checks passed
done

# Pull latest changes from Claude's push
git pull origin ${{ steps.pr-info.outputs.branch }} 2>/dev/null || true

Check failure

Code scanning / CodeQL

Code injection

Potential code injection in ${{ steps.pr-info.outputs.branch }}, which may be controlled by an external user (issue_comment).

Copilot Autofix

AI about 6 hours ago

To fix this, we must stop interpolating the untrusted branch name directly into the run: script via ${{ ... }} and instead pass it as an environment variable, then reference it using standard shell variable syntax. This prevents arbitrary code injection because the shell receives only the resolved environment variable value, and proper quoting can be applied.

Concretely, in the step that currently contains:

run: |
  ...
  git pull origin ${{ steps.pr-info.outputs.branch }} 2>/dev/null || true

we should:

  1. Add an env: section to this step that sets a safe environment variable, e.g. PR_BRANCH: ${{ steps.pr-info.outputs.branch }}.
  2. Change the git pull invocation to use the shell variable, properly quoted: git pull origin "$PR_BRANCH" 2>/dev/null || true.

All other logic remains the same; we do not change how branch is computed or stored, only how it is consumed in the shell. No new imports or external libraries are required; only YAML changes within .github/workflows/claude-doc-pr.yml in the shown snippet.

Suggested changeset 1
.github/workflows/claude-doc-pr.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/claude-doc-pr.yml b/.github/workflows/claude-doc-pr.yml
--- a/.github/workflows/claude-doc-pr.yml
+++ b/.github/workflows/claude-doc-pr.yml
@@ -273,6 +273,7 @@
         if: steps.pr-info.outputs.is_fork == 'false' && steps.pr-info.outputs.targets_dev == 'true'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_BRANCH: ${{ steps.pr-info.outputs.branch }}
         run: |
           PR_NUMBER=${{ steps.pr-info.outputs.number }}
           REPO=${{ github.repository }}
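Review bot: the hunk moves only `branch` into `env:`, while `PR_NUMBER=${{ steps.pr-info.outputs.number }}` and `REPO=${{ github.repository }}` two lines below the new `run: |` are still interpolated into the script text. The number is presumably numeric and the repository name comes from GitHub rather than from the commenter, so they are low risk, but routing them through `env:` as well (for example `PR_NUMBER: ${{ steps.pr-info.outputs.number }}`) leaves the step uniformly free of expression interpolation and gives the next CodeQL run nothing to flag.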
@@ -286,7 +287,7 @@
           done
 
           # Pull latest changes from Claude's push
-          git pull origin ${{ steps.pr-info.outputs.branch }} 2>/dev/null || true
+          git pull origin "$PR_BRANCH" 2>/dev/null || true
 
           # Get changed files
           CHANGED_MD_FILES=$(gh pr diff "$PR_NUMBER" --name-only | grep -E '^docs/.*\.md$' | grep -v '/CLAUDE\.md$' | grep -v '/SKILL\.md$' || true)
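Review bot: the quoted `"$PR_BRANCH"` closes the shell-injection path, but the value is still untrusted input, and the surrounding `2>/dev/null || true` hides every failure: a branch name that git rejects (one starting with `-` would be parsed as an option), or a branch that no longer exists, leaves the checkout on stale content and the following `gh pr diff` / Vale re-run then reviews files that do not contain the pushed fixes. Consider validating the name before use and letting the pull fail loudly (drop `|| true`, or at least log the error) so a fresh review cannot be produced from a stale workspace.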
EOF
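The CodeQL alert and the autofix above show one instance of a general pattern: a `${{ ... }}` expression inside a `run:` script is substituted into the script text before the shell parses it, so no quoting inside the script can protect it, and the fix is to move the value into `env:` and read it as a quoted shell variable. The Python script below is an added example, not code from this PR or from the project: a line-based scanner (it follows `run:` block scalars by indentation rather than parsing YAML) that finds such expressions in workflow text, rates each by the context it reads, and applies the mechanical rewrite the autofix describes. The list of attacker-controllable event fields is assembled from GitHub's published hardening guidance and is an assumption of this example, not something stated on this page; the sample workflow is constructed to mirror the flagged step.

```python
"""Flag ${{ ... }} expressions inside GitHub Actions `run:` scripts.

Added example (not the PR's or the project's code). Line-based heuristic,
not a YAML parser: it follows `run:` block scalars by indentation.
"""
import re
from typing import Dict, List, Tuple

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_KEY_RE = re.compile(r"(-\s+)?run:\s*(.*)$")

# Event-payload fields a third party can set. Assembled from GitHub's
# published hardening guidance (assumption of this example); extend as needed.
UNTRUSTED_PREFIXES = (
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.comment.body", "github.event.review.body",
    "github.event.review_comment.body", "github.event.head_commit",
    "github.event.commits", "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label", "github.head_ref",
)


def classify(expr: str) -> str:
    """Rate how closely a reviewer should look at this expression."""
    e = expr.strip()
    if e.startswith(UNTRUSTED_PREFIXES):
        return "high"      # documented attacker-controlled field
    if e.startswith("steps.") and ".outputs." in e:
        return "medium"    # tainted iff the producing step read untrusted data
    if e.startswith("secrets."):
        return "low"       # not injection, but the secret lands in script text
    return "info"


def scan_workflow(text: str) -> List[Dict]:
    """Return one finding per ${{ }} expression found inside a run: script."""
    findings: List[Dict] = []
    in_block, block_indent = False, -1
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_block:
            if stripped and indent <= block_indent:
                in_block = False          # dedent: the block scalar ended
            else:
                for m in EXPR_RE.finditer(line):
                    findings.append({"line": lineno, "expr": m.group(1),
                                     "severity": classify(m.group(1))})
                continue
        m = RUN_KEY_RE.match(stripped)
        if not m:
            continue
        rest = m.group(2)
        if rest.startswith(("|", ">")):
            in_block = True
            block_indent = indent + len(m.group(1) or "")  # indent of the key
        else:                             # single-line run: value
            for e in EXPR_RE.finditer(rest):
                findings.append({"line": lineno, "expr": e.group(1),
                                 "severity": classify(e.group(1))})
    return findings


def harden(line: str, env_name: str) -> Tuple[str, Dict[str, str]]:
    """Rewrite the first ${{ expr }} on a run line as a quoted shell variable
    and return the env: entry that must carry the value instead."""
    m = EXPR_RE.search(line)
    if not m:
        return line, {}
    new_line = line[:m.start()] + f'"${env_name}"' + line[m.end():]
    return new_line, {env_name: "${{ " + m.group(1).strip() + " }}"}


# Constructed sample mirroring the flagged step; the last step is the fixed form.
SAMPLE_WORKFLOW = """\
jobs:
  vale-followup:
    runs-on: ubuntu-latest
    steps:
      - name: Re-run Vale after fixes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          PR_NUMBER=${{ steps.pr-info.outputs.number }}
          git pull origin ${{ steps.pr-info.outputs.branch }} 2>/dev/null || true
          echo "triggered by: ${{ github.event.comment.body }}"
      - name: Hardened form
        env:
          PR_BRANCH: ${{ steps.pr-info.outputs.branch }}
        run: git pull origin "$PR_BRANCH"
"""

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']:>3} [{f['severity']:>6}] {f['expr']}")
    fixed, env = harden('git pull origin ${{ steps.pr-info.outputs.branch }}', "PR_BRANCH")
    print(fixed, env)
```

Run against the sample, the scanner reports the two `steps.pr-info.outputs.*` reads as medium (whether they are tainted depends on how `pr-info` computed them, which is exactly the question CodeQL answered here via the `issue_comment` trigger) and the `github.event.comment.body` read as high; the hardened step produces no finding because its `run:` line contains no expression at all.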