From 68b5a897a83beb867e8e66b300be0aa02518fcb7 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 27 Apr 2026 04:52:43 +0000
Subject: [PATCH 1/2] jsweep: clean action_setup_otlp.cjs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Simplify startMs parsing: replace parseInt+isFinite with Number()+isFinite
- Add test for partial number string edge case ('123abc' → startMs=0)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 actions/setup/js/action_setup_otlp.cjs      | 4 ++--
 actions/setup/js/action_setup_otlp.test.cjs | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/actions/setup/js/action_setup_otlp.cjs b/actions/setup/js/action_setup_otlp.cjs
index 3de1e20783e..00e6012bee3 100644
--- a/actions/setup/js/action_setup_otlp.cjs
+++ b/actions/setup/js/action_setup_otlp.cjs
@@ -44,8 +44,8 @@ async function run() {
 
   const { sendJobSetupSpan, isValidTraceId, isValidSpanId } = require(path.join(__dirname, "send_otlp_span.cjs"));
 
-  const parsedStartMs = parseInt(process.env.SETUP_START_MS || "0", 10);
-  const startMs = Number.isFinite(parsedStartMs) ? parsedStartMs : 0;
+  const rawMs = Number(process.env.SETUP_START_MS);
+  const startMs = Number.isFinite(rawMs) ? rawMs : 0;
 
   // Explicitly read INPUT_TRACE_ID and pass it as options.traceId so the
   // activation job's trace ID is used even when process.env propagation
diff --git a/actions/setup/js/action_setup_otlp.test.cjs b/actions/setup/js/action_setup_otlp.test.cjs
index ffdf3e20ef2..668b530ccba 100644
--- a/actions/setup/js/action_setup_otlp.test.cjs
+++ b/actions/setup/js/action_setup_otlp.test.cjs
@@ -164,6 +164,14 @@ describe("action_setup_otlp.cjs", () => {
 
       expect(mockSendJobSetupSpan).toHaveBeenCalledWith(expect.objectContaining({ startMs: 0 }));
     });
+
+    it("should pass startMs=0 when SETUP_START_MS is a partial number string like '123abc'", async () => {
+      process.env.SETUP_START_MS = "123abc";
+
+      await run();
+
+      expect(mockSendJobSetupSpan).toHaveBeenCalledWith(expect.objectContaining({ startMs: 0 }));
+    });
   });
 
   describe("INPUT_TRACE_ID handling", () => {

From c584709569581816ee8a613a4b7fd4929a4cebef Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 27 Apr 2026 14:04:47 +0000
Subject: [PATCH 2/2] fix: tighten SETUP_START_MS parsing to reject
 hex/scientific notation

Use /^\d+$/ regex + Number.isSafeInteger to ensure only plain
decimal-integer strings are accepted. Rejects '1e3', '0x10',
'1.5', '-1', '123abc', etc. Adds two new tests to document
the stricter behaviour.

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/ca363e52-dba5-4de1-8c73-4d454325531d

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 actions/setup/js/action_setup_otlp.cjs      |  5 +++--
 actions/setup/js/action_setup_otlp.test.cjs | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/actions/setup/js/action_setup_otlp.cjs b/actions/setup/js/action_setup_otlp.cjs
index 00e6012bee3..5af21e42e8f 100644
--- a/actions/setup/js/action_setup_otlp.cjs
+++ b/actions/setup/js/action_setup_otlp.cjs
@@ -44,8 +44,9 @@ async function run() {
 
   const { sendJobSetupSpan, isValidTraceId, isValidSpanId } = require(path.join(__dirname, "send_otlp_span.cjs"));
 
-  const rawMs = Number(process.env.SETUP_START_MS);
-  const startMs = Number.isFinite(rawMs) ? rawMs : 0;
+  const rawStartMs = process.env.SETUP_START_MS;
+  const parsedMs = /^\d+$/.test(rawStartMs ?? "") ? Number(rawStartMs) : NaN;
+  const startMs = Number.isSafeInteger(parsedMs) ? parsedMs : 0;
 
   // Explicitly read INPUT_TRACE_ID and pass it as options.traceId so the
   // activation job's trace ID is used even when process.env propagation
diff --git a/actions/setup/js/action_setup_otlp.test.cjs b/actions/setup/js/action_setup_otlp.test.cjs
index 668b530ccba..6527246f4e0 100644
--- a/actions/setup/js/action_setup_otlp.test.cjs
+++ b/actions/setup/js/action_setup_otlp.test.cjs
@@ -172,6 +172,22 @@ describe("action_setup_otlp.cjs", () => {
 
       expect(mockSendJobSetupSpan).toHaveBeenCalledWith(expect.objectContaining({ startMs: 0 }));
     });
+
+    it("should pass startMs=0 when SETUP_START_MS is scientific notation like '1e3'", async () => {
+      process.env.SETUP_START_MS = "1e3";
+
+      await run();
+
+      expect(mockSendJobSetupSpan).toHaveBeenCalledWith(expect.objectContaining({ startMs: 0 }));
+    });
+
+    it("should pass startMs=0 when SETUP_START_MS is hex notation like '0x10'", async () => {
+      process.env.SETUP_START_MS = "0x10";
+
+      await run();
+
+      expect(mockSendJobSetupSpan).toHaveBeenCalledWith(expect.objectContaining({ startMs: 0 }));
+    });
   });
 
   describe("INPUT_TRACE_ID handling", () => {