Summary
When --allow-domains contains a GitHub Actions expression (e.g. a ternary using ${{ env.VAR == 'value' && ... || ... }}), the compiler generates single-quoted shell escaping that prevents GitHub Actions from evaluating the expression, causing HTTP 422 Unexpected inputs errors when dispatching workflows via gh workflow run or the API.
Related
This is a more severe variant of the SC1003 quoting issues previously tracked in #17671 and #17850 (closed). Those issues covered static domain lists. This issue covers ${{ }} expressions inside --allow-domains, which breaks at the GitHub Actions layer, not just shellcheck.
Reproduction
A workflow .md with a network section like:
network:
  allowed:
    - "${{ env.MCP_ENV == 'staging' && env.MCP_URL_STAGING || env.MCP_URL_PROD }}"
    - "errors.code.visualstudio.com"
Compiles to a lock file with:
--allow-domains '${{ env.MCP_ENV == '\''staging'\'' && env.MCP_URL_STAGING || env.MCP_URL_PROD }},errors.code.visualstudio.com'
The '\''staging'\'' shell escape sequences are embedded inside the ${{ }} expression string, which GitHub Actions sees as a malformed expression. When gh workflow run sends the dispatch event, GitHub returns:
HTTP 422: Unexpected inputs provided
Expected behavior
The compiler should emit double-quoted arguments when the domain value contains a ${{ }} expression, so GitHub Actions can evaluate it before the shell sees it:
--allow-domains "${{ env.MCP_ENV == 'staging' && env.MCP_URL_STAGING || env.MCP_URL_PROD }},errors.code.visualstudio.com"
Since ${{ }} is interpolated by GitHub Actions before the shell runs, 'staging' inside the expression is fine and the shell never needs to escape it.
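As an added example (not gh-aw's own compiler code, and with assumed function names), the following Go snippet models the quoting rule this issue asks for: it reproduces the v0.68.1 single-quoted output beside the expected double-quoted form, switching to double quotes only when an entry carries a ${{ }} expression, and escaping only the static entries so the expression itself is left for GitHub Actions to evaluate.

```go
package main

import "strings"

// hasActionsExpr reports whether a value carries a GitHub Actions
// expression, which must reach the Actions layer unmodified.
func hasActionsExpr(s string) bool {
	return strings.Contains(s, "${{") && strings.Contains(s, "}}")
}

// shellSingleQuote wraps s in single quotes, escaping embedded single
// quotes with the '\'' idiom (the pattern behind the SC1003 reports).
func shellSingleQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// doubleQuoteEscape neutralises the characters the shell still interprets
// inside double quotes. It is applied only to static entries: escaping
// "$" in an expression entry would break "${{".
func doubleQuoteEscape(s string) string {
	return strings.NewReplacer(`\`, `\\`, `"`, `\"`, `$`, `\$`, "`", "\\`").Replace(s)
}

// buggyAllowDomainsArg reproduces the v0.68.1 output from the issue: the
// joined list is always single-quoted, so '\'' sequences land inside the
// ${{ }} expression and Actions rejects the dispatch with HTTP 422.
func buggyAllowDomainsArg(domains []string) string {
	return "--allow-domains " + shellSingleQuote(strings.Join(domains, ","))
}

// fixedAllowDomainsArg emits the double-quoted form the issue asks for
// when any entry carries an expression, and keeps the single-quoted form
// for purely static lists so those lock files are unchanged.
func fixedAllowDomainsArg(domains []string) string {
	if !hasActionsExpr(strings.Join(domains, ",")) {
		return buggyAllowDomainsArg(domains)
	}
	parts := make([]string, 0, len(domains))
	for _, d := range domains {
		if hasActionsExpr(d) {
			parts = append(parts, d) // left verbatim for Actions to evaluate
		} else {
			parts = append(parts, doubleQuoteEscape(d))
		}
	}
	return `--allow-domains "` + strings.Join(parts, ",") + `"`
}
```

Note that double quotes are not escaping: whatever the expression evaluates to is substituted into the run script before the shell parses it, so the expression's inputs (here env.MCP_URL_STAGING and env.MCP_URL_PROD) still need to be values the workflow author controls.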
Workaround
Manually post-process the compiled lock files to replace:
--allow-domains '${{ env.MCP_ENV == '\''staging'\'' && ... }},<domains>'
with:
--allow-domains "${{ env.MCP_ENV == 'staging' && ... }},<domains>"
This must be reapplied every time the workflow is recompiled (confirmed with v0.68.1).
Environment
- gh aw version: v0.68.1
- Affected workflows: any workflow using a ${{ }} ternary in network.allowed