fix(ci): pass PR title to commitlint via environment variable by AdnaneKhan · Pull Request #9414

fix(ci): pass PR title to commitlint via environment variable by AdnaneKhan · Pull Request #9414 · RaspberryPiFoundation/blockly

The basics

The commitlint workflow currently uses the PR title via actions context variable which can be used to pass code. Fortunately the GITHUB_TOKEN is scoped down, but this can turn into a problem later if a privileged workflow (such as one that has contents:write) consumes from the cache. This PR fixes that risk.

I validated my changes

The details

Proposed Changes

Sanitize PR title via env var.

Reason for Changes

Fix actions injection.

Test Coverage

N/A

The basics

The details

Proposed Changes

Reason for Changes

Test Coverage

Documentation

Additional Information