Contributor

A lot of questions we get around SyntaxErrors are due to misusing Actions Expressions with the script - https://github.com/actions/github-script/issues?q=is:issue%20state:closed%20SyntaxError

• Unexpected token 'var' #220
• Error: Unhandled error: SyntaxError: Unexpected token '{' #401
• Syntax Error only on Actions? #567
• Problem when constructing output with value from environment variable #597

This was documented in #126, but I believe it's worth clearly highlighting the security risks of using Actions expressions within the script and moving it up in the README as it's a common scenario.

Hello from actions/github-script! (23886ca)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR clarifies how to safely pass inputs into the script step by using environment variables instead of inline Actions expressions, and highlights the security risks of script injection.

• Adds a new Passing inputs to the script section with example usage
• Removes the outdated Use env as input snippet further down in the README

johnsudol approved these changes May 13, 2025

View reviewed changes

Problem when constructing output with value from environment variable #597

Bump actions/github-script from 7 to 8 labrynx/auto_comments#29

Bump actions/github-script from 7 to 8 senzing-factory/build-resources#236

Epic 0: Firebase auth, Cloud Run deploy, CI/CD automation petry-projects/broodly#51