Skip to content

doc updates #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jenseng merged 1 commit into from
Oct 8, 2025
Merged

doc updates #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion LICENSE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
ISC License

Copyright 2024 Jon Jensen
Copyright 2024-2025 Jon Jensen

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

Expand Down
23 changes: 19 additions & 4 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,14 @@ By using a multi-line string, you can keep things fairly manageable, and dealing
For example, instead of this:

```yaml
with: '{ "environment": "test", "cluster": "", "user": "Reilly O\'Reilly" }'
with: '{ "environment": "test", "cluster": "", "user": "Reilly O''Reilly" }'
```

or this:

```yaml
with: "{ \"environment\": \"test\", \"cluster\": \"\", \"user\": \"Reilly O'Reilly\" }"
```

Prefer this:

Expand All @@ -99,7 +104,7 @@ with: |

### Use `toJSON` for anything dynamic

If you have dynamic bits you are including in the `with` string, you should use `toJSON` to ensure they are handled correctly. This will protect against malicious user input (e.g. `github.event.pull_request.title`), as well as mistakes that can break quoting (e.g. `env.trustedValueThatMightHaveQuotes`).
If you have any expressions in the `with` string, you should use `toJSON` to ensure they are handled correctly. This will protect against malicious user input (e.g. `github.event.pull_request.title`), as well as mistakes that can break quoting or escape sequences (e.g. `env.trustedValueThatMightHaveQuotes`).

For example, instead of this:

Expand All @@ -123,11 +128,21 @@ with: |
```


## Gotchas/limitations

- The `with` inputs to the action need to be converted to a single JSON object string (see examples above)
- Any outputs from the action will be serialized into a single `outputs` JSON object string. You can then access things using helpers like `fromJSON`, e.g. `fromJSON(steps.foo.outputs.outputs).something`
- All outputs from the action will be serialized as a JSON object output named `outputs` . You can access specific outputs by using the `fromJSON` helper in an expression. For example:
```yaml
- id: setup_node
uses: jenseng/dynamic-uses@v1
with:
uses: actions/setup-node@${{ inputs.version }}
with: '{ "node-version": 18 }'
- env:
# pull the node-version out of the outputs
node_version: ${{ fromJSON(steps.setup_node.outputs.outputs).node-version }}
run: echo "Installed $node_version"
```
- GitHub Actions has several bugs impacting nested composite actions (e.g. https://github.com/actions/runner/issues/2800, https://github.com/actions/runner/issues/2009). When you use dynamic-uses to call another composite action, these bugs can cause problems like blank/wrong `inputs` or `ouputs` within that action. As a workaround, you can try passing data along with `GITHUB_ENV` instead.

## License
Expand Down