fix(policies): split comma-separated values on each merged input line#3257
Merged
javirln merged 1 commit intoJul 1, 2026
Conversation
When a policy input declared as a comma-separated value in a workflow contract was merged with a runtime value supplied via --policy-input-from-file, getInputArguments split the merged string on newlines first and returned the multi-line slice as-is, skipping the per-value comma splitting. This collapsed the contract's comma-joined segment into a single literal glob containing commas that matched nothing. Normalize consistently by splitting each line on commas as well, so a comma-separated segment is always expanded into separate values regardless of whether a runtime value was appended. Assisted-by: Claude Code Signed-off-by: Javier Rodriguez <javier@chainloop.dev> Chainloop-Trace-Sessions: 20709f88-f555-488c-a8ae-e2d60903aff5, 7c9eb197-bbea-464f-9444-cd17ac09039c
Contributor
AI Session AnalysisMissing AI Coding SessionsWe detected commits in this PR that were AI-assisted, but the matching Chainloop Trace session(s) could not be found in Chainloop. Please make sure the AI coding session evidence has been sent by the Chainloop CLI, or add the Learn more about Chainloop Trace. Powered by Chainloop and Chainloop Trace |
migmartri
approved these changes
Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When a policy input is declared as a comma-separated value in a workflow contract and the same input is also supplied at runtime via
--policy-input-from-file(#3244), the additive merge produced a malformed glob: the contract's comma-joined segment was never re-split on commas, collapsing into a single literal value containing commas that matched nothing.getInputArgumentssplit the merged string on newlines first and, as soon as there was more than one line, returned the multi-line slice as-is — the per-value comma splitting only ran on the single-line branch. As a result a contract value such as**/vendor/**,**/redist/**merged with runtime values yielded["**/vendor/**,**/redist/**", ...], whose first element is a single glob still containing commas.This normalizes multi-value inputs consistently: each line is now split on commas as well, so a comma-separated segment is always expanded into separate values regardless of whether a runtime value was appended. Escaped-comma (
\,) handling is preserved.AI assistance
This contribution was produced with the assistance of Claude Code.