Skip to content

pr-comment: pipe POST body via stdin to avoid curl ARG_MAX failure#119

Merged
reuvenharrison merged 1 commit into
mainfrom
fix/pr-comment-curl-arg-list-too-long
May 22, 2026
Merged

pr-comment: pipe POST body via stdin to avoid curl ARG_MAX failure#119
reuvenharrison merged 1 commit into
mainfrom
fix/pr-comment-curl-arg-list-too-long

Conversation

@reuvenharrison
Copy link
Copy Markdown
Contributor

@reuvenharrison reuvenharrison commented May 22, 2026

Summary

Same class of bug as #118, one layer down. After #118 fixed the jq invocation, the next line on the failure path is:

response=$(curl ... -d "$payload")

The full JSON payload (~4 MB for the customer spec that surfaced the original jq case) goes through curl's argv via -d, exceeds the OS argument-length limit, and the script aborts with:

/entrypoint.sh: line 124: curl: Argument list too long

Downstream symptoms are identical to the original: free ::notice:: URL printed before the failure, no PR comment posted, no review-token link generated.

Fix

Pipe the payload to curl via stdin using --data-binary @-. printf is a POSIX shell builtin so the variable never goes through execve.

-response=$(curl -s -w "\n%{http_code}" -X POST \
+response=$(printf '%s' "$payload" | curl -s -w "\n%{http_code}" -X POST \
     "${service_url}/tenants/${oasdiff_token}/pr-comment" \
     -H "Content-Type: application/json" \
-    -d "$payload")
+    --data-binary @-)

Regression test

A companion job pr_comment_curl_handles_large_payload joins the existing pr_comment_handles_large_payload. The previous test exercises the jq path with an empty oasdiff_token, which short-circuits past the curl step. This one provides a non-empty token and stubs both oasdiff (multi-MB changelog source) and curl (records body byte count from stdin, emits a fake 200 response). Asserts the curl stub received >4 MB of body — proves the payload made it through stdin without hitting ARG_MAX on argv.

If someone reverts to -d "$payload", the synthetic 4 MB payload trips ARG_MAX on the runner and the test fails with a specific pointer at the cause.

Discovered by

Same customer thread as #118. After they bumped their pin to @main with #118 applied, the jq step now succeeds but the very next line fails identically, one layer down. Worth a quick code-walk of the entire failure path for any other --arg "$bigvar" patterns that might also trip ARG_MAX (none found — these were the two).

Test plan

  • bash -n pr-comment/entrypoint.sh clean
  • YAML parser accepts the workflow file
  • On merge: the new CI job confirms curl receives the multi-MB body via stdin
  • Customer re-runs their action against @main and confirms the Pro PR comment finally appears

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

Generated with Claude Code

@reuvenharrison @claude
pr-comment: pipe POST body via stdin to avoid curl ARG_MAX failure
062e830 
Same class of bug as #118 (jq ARG_MAX), one layer down. After #118
fixed the jq invocation, the next line on the failure path is

    response=$(curl ... -d "$payload")

The full JSON payload (~4 MB for the customer spec that surfaced the
jq case) goes through curl's argv via `-d`, exceeds the OS argument-
length limit (ARG_MAX, typically 2 MB on Linux), and the script
aborts with:

    /entrypoint.sh: line 124: curl: Argument list too long

right after the (now-successful) jq step, with the same downstream
symptoms: free `::notice::` URL printed, no PR comment posted, no
review-token link generated. Customer saw "same problem" after
bumping their pin to @main with #118 applied — the jq step now
works but the next layer hits the same trap.

Fix: pipe the payload to curl via stdin and use `--data-binary @-`
to consume from stdin. printf is a shell builtin so the variable
never goes through execve. Same shape as the jq fix.

Extends the test workflow with `pr_comment_curl_handles_large_payload`,
a companion to the existing `pr_comment_handles_large_payload`. The
previous test exercises the jq path with an empty oasdiff_token,
which short-circuits past the curl step. The new test exercises the
curl step itself by providing a non-empty token and stubbing both
oasdiff (multi-MB changelog source) and curl (records the body byte
count from stdin and emits a fake 200 response). Asserts the curl
stub was invoked with >4 MB of body — proves the payload made it
through stdin without hitting ARG_MAX on argv.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@reuvenharrison reuvenharrison merged commit 7234ce2 into main May 22, 2026
40 checks passed
@reuvenharrison reuvenharrison deleted the fix/pr-comment-curl-arg-list-too-long branch May 22, 2026 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@reuvenharrison