From a61812bd2b40b8bc2417984423cecd0e65b9f9cd Mon Sep 17 00:00:00 2001
From: xiaosansiji <xiaosansiji@gmail.com>
Date: Mon, 17 Jul 2023 16:53:11 +0800
Subject: [PATCH] fix: action ci script security

---
 .github/workflows/auto-release.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index 57b5d26b6..08f55b02b 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -55,10 +55,11 @@ jobs:
           ref: ${{ steps.comment.outputs.branch }}
       - run: echo '${{ github.event.comment.body }}'
       - name: Commit and push if needed
+        env:
+          BODY: ${{ github.event.comment.body }}
         run: |
           txt=$(cat CHANGELOG.md)
-          body='${{ github.event.comment.body }}'
-          echo "${txt%%##*}${body}${txt##*---}" > CHANGELOG.md
+          echo "${txt%%##*} $BODY ${txt##*---}" > CHANGELOG.md
           git add .
           git config --local user.email "github-actions[bot]@users.noreply.github.com"
           git config --local user.name "github-actions[bot]"