Skip to content

fix(policies): split comma-separated values on each merged input line#3257

Merged
javirln merged 1 commit into
chainloop-dev:mainfrom
javirln:pfm-6532-bug-policy-input-from-file-merge-collap
Jul 1, 2026
Merged

fix(policies): split comma-separated values on each merged input line#3257
javirln merged 1 commit into
chainloop-dev:mainfrom
javirln:pfm-6532-bug-policy-input-from-file-merge-collap

Conversation

@javirln

@javirln javirln commented Jul 1, 2026

Copy link
Copy Markdown
Member

Summary

When a policy input is declared as a comma-separated value in a workflow contract and the same input is also supplied at runtime via --policy-input-from-file (#3244), the additive merge produced a malformed glob: the contract's comma-joined segment was never re-split on commas, collapsing into a single literal value containing commas that matched nothing.

getInputArguments split the merged string on newlines first and, as soon as there was more than one line, returned the multi-line slice as-is — the per-value comma splitting only ran on the single-line branch. As a result a contract value such as **/vendor/**,**/redist/** merged with runtime values yielded ["**/vendor/**,**/redist/**", ...], whose first element is a single glob still containing commas.

This normalizes multi-value inputs consistently: each line is now split on commas as well, so a comma-separated segment is always expanded into separate values regardless of whether a runtime value was appended. Escaped-comma (\,) handling is preserved.

AI assistance

This contribution was produced with the assistance of Claude Code.

Review in cubic

When a policy input declared as a comma-separated value in a workflow
contract was merged with a runtime value supplied via
--policy-input-from-file, getInputArguments split the merged string on
newlines first and returned the multi-line slice as-is, skipping the
per-value comma splitting. This collapsed the contract's comma-joined
segment into a single literal glob containing commas that matched
nothing.

Normalize consistently by splitting each line on commas as well, so a
comma-separated segment is always expanded into separate values
regardless of whether a runtime value was appended.

Assisted-by: Claude Code
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>

Chainloop-Trace-Sessions: 20709f88-f555-488c-a8ae-e2d60903aff5, 7c9eb197-bbea-464f-9444-cd17ac09039c
@chainloop-platform

Copy link
Copy Markdown
Contributor

AI Session Analysis

Missing AI Coding Sessions

We detected commits in this PR that were AI-assisted, but the matching Chainloop Trace session(s) could not be found in Chainloop.

Please make sure the AI coding session evidence has been sent by the Chainloop CLI, or add the skip-ai-session label to this PR to bypass this check.

Learn more about Chainloop Trace.


Powered by Chainloop and Chainloop Trace

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Re-trigger cubic

@javirln javirln requested a review from a team July 1, 2026 10:54
@javirln javirln merged commit b18fe45 into chainloop-dev:main Jul 1, 2026
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants