How to access a GitHub issue comment body using GitHub Actions?

Question

This is how you setup the action triggers for GitHub issue comments in .github/workflows/main.yml:

on:
  issue_comment:
    types: [created, edited]

I assume that I can also read the issue comment inside main.yml and pass it as an input argument to my action.

How do I actually read the issue comment body?

Answer 1

For both event types:

- run: echo ${{ github.event.comment.body }}

For edited only; get comment body before edit:

- run: echo ${{ github.event.changes.body.from }}

You can also add one extra job to your workflow while you work on it...

jobs:
 dump:
  runs-on: ubuntu-latest
  steps:
  - name: $github
    run:   echo "$GITHUB_CONTEXT"
    env:
     GITHUB_CONTEXT: ${{ toJson(github) }}

 # ...

...so you can easily see all kind of data related to triggered event.

Answer 2

You should not run echo ${{ github.event.comment.body }}, because it potentially causes shell injection, which allows attackers do arbitrary code execution.

Run instead:

- name: print body
  env:
    BODY: ${{ github.event.comment.body }}
  run: echo "$BODY"

Worth reading: https://securitylab.github.com/research/github-actions-untrusted-input/#remediation