From 8bf74d155e126bcf088d868d5da32aa28d2ea684 Mon Sep 17 00:00:00 2001
From: aaronmedina-dev <aaron.medina@aligent.com.au>
Date: Mon, 1 Jun 2026 13:40:43 +0930
Subject: [PATCH] Fix Publish Release Info step failing to parse published
 packages

The Publish Release Info step passes the published packages JSON to jq
through the STEPS_CHANGESETS_OUTPUTS_PUBLISHEDPACKAGES env var, but it
referenced that variable inside single quotes. Single quotes stop the
shell from expanding the variable, so jq received the literal text
${STEPS_CHANGESETS_OUTPUTS_PUBLISHEDPACKAGES} instead of the JSON array
and exited with "Invalid numeric literal at line 1, column 2" (exit 5),
which failed the whole release job even though publishing succeeded.

Switching to double quotes lets the shell expand the env var while
keeping the value out of the inline script, so the template injection
hardening stays in place.
---
 .github/workflows/changeset-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/changeset-release.yml b/.github/workflows/changeset-release.yml
index dc68f5c..e42c381 100644
--- a/.github/workflows/changeset-release.yml
+++ b/.github/workflows/changeset-release.yml
@@ -172,7 +172,7 @@ jobs:
         if: steps.changesets.outputs.published == 'true'
         run: |
           echo "Published packages:"
-          echo '${STEPS_CHANGESETS_OUTPUTS_PUBLISHEDPACKAGES}' | jq -r '.[] | "- \(.name)@\(.version)"'
+          echo "${STEPS_CHANGESETS_OUTPUTS_PUBLISHEDPACKAGES}" | jq -r '.[] | "- \(.name)@\(.version)"'
         env:
           STEPS_CHANGESETS_OUTPUTS_PUBLISHEDPACKAGES: ${{ steps.changesets.outputs.publishedPackages }}