From db18c4ddb922b8ae06cea8bdf900406dba9e1018 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 8 Mar 2026 15:51:19 +0000
Subject: [PATCH 1/2] Initial plan
From f322ac8682ec4e67ea00de431500c9c11abb00a1 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 8 Mar 2026 15:56:08 +0000
Subject: [PATCH 2/2] fix: hoist regexp.MustCompile calls to package-level vars in validateExpressionForDangerousProps
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 pkg/workflow/expression_validation.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/pkg/workflow/expression_validation.go b/pkg/workflow/expression_validation.go
index 590ca8379ad..d8bdabd39bf 100644
--- a/pkg/workflow/expression_validation.go
+++ b/pkg/workflow/expression_validation.go
@@ -77,6 +77,10 @@ var (
 stringLiteralRegex = regexp.MustCompile(`^'[^']*'$|^"[^"]*"$|^` + "`[^`]*`$")
 // numberLiteralRegex matches integer and decimal number literals (with optional leading minus)
 numberLiteralRegex = regexp.MustCompile(`^-?\d+(\.\d+)?$`)
+ // exprPartSplitRe splits expression strings on dot and bracket characters
+ exprPartSplitRe = regexp.MustCompile(`[.\[\]]+`)
+ // exprNumericPartRe matches purely numeric expression parts (array indices)
+ exprNumericPartRe = regexp.MustCompile(`^\d+$`)
 )

 // validateExpressionSafety checks that all GitHub Actions expressions in the markdown content
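Review bot: The two new variables use an `Re` suffix while the existing entries in the same `var` block use `Regex` (`stringLiteralRegex`, `numberLiteralRegex`); naming them `exprPartSplitRegex` and `exprNumericPartRegex` would keep the block consistent. The comment on the splitter could also record that the `+` collapses runs of separators and that a leading or trailing separator produces an empty part, for example `// exprPartSplitRegex splits on runs of '.', '[' and ']'; callers must skip the empty parts it can produce`. The `var (` block opens before this hunk, so other naming conventions in it are not visible here.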
@@ -209,11 +213,11 @@ func validateExpressionForDangerousProps(expression string) error {
 // Split expression into parts handling both dot notation (e.g., "github.event.issue")
 // and bracket notation (e.g., "release.assets[0].id")
 // Filter out numeric indices (e.g., "0" in "assets[0]")
- parts := regexp.MustCompile(`[.\[\]]+`).Split(trimmed, -1)
+ parts := exprPartSplitRe.Split(trimmed, -1)

 for _, part := range parts {
 // Skip empty parts and numeric indices
- if part == "" || regexp.MustCompile(`^\d+$`).MatchString(part) {
+ if part == "" || exprNumericPartRe.MatchString(part) {
 continue
 }
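Review bot: Splitting on `[.\[\]]+` leaves quote characters attached to any part written as a quoted bracket key, so `a['b']` yields the part `'b'` rather than `b`, and the hoisting carries that behaviour over unchanged. The comparison against the dangerous property names lies below this hunk, so this matters only if that comparison is an exact string match and an earlier validation step does not already reject quoted keys; in that case a quoted key would not be recognised. Consider normalising each part before the empty/numeric skip, e.g. `part = strings.Trim(part, "\"'")` (assuming `strings` is already imported in this file), and adding a test case with a quoted bracket key to pin the intended result. The body of `validateExpressionForDangerousProps` starts and ends outside the hunk.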