actions/code-review
2
0
Fork 0
Code Pull Requests Actions Releases Activity

feat: refactor commitAndPush to use GIT_ASKPASS for authentication and add tests

Browse Source
This commit is contained in:
Jeffery
2026-05-12 01:01:19 +00:00
parent 66d93abe24
commit 9279050ca9
2 changed files with 50 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/git.js
+20 -5
View File
@@ -1,7 +1,7 @@
import { spawnSync } from 'child_process';
import fs from 'fs';
import path from 'path';
import { GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_TOKEN, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
import { GITEA_SERVER_URL, GITEA_REPOSITORY, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
function git(args, cwd) {
const result = spawnSync('git', args, { cwd, encoding: 'utf8' });
@@ -11,21 +11,36 @@ function git(args, cwd) {
}
export async function commitAndPush(workspace) {
const remoteUrl = GITEA_SERVER_URL.replace(/\/$/, '')
.replace('https://', `https://${GITEA_TOKEN}@`)
.replace('http://', `http://${GITEA_TOKEN}@`) + `/${GITEA_REPOSITORY}.git`;
const remoteUrl = GITEA_SERVER_URL.replace(/\/$/, '') + `/${GITEA_REPOSITORY}.git`;
const repoDir = path.join(workspace, 'repo');
try {
if (!fs.existsSync(repoDir)) {
git(['clone', '--depth=1', '--branch', PR_HEAD_BRANCH, remoteUrl, repoDir], workspace);
// Use GIT_ASKPASS to provide token for authentication
gitWithToken(['clone', '--depth=1', '--branch', PR_HEAD_BRANCH, remoteUrl, repoDir], workspace);
}
git(['config', 'user.email', 'ai-review[bot]@gitea'], repoDir);
git(['config', 'user.name', 'AI Review Bot'], repoDir);
git(['fetch', 'origin', PR_HEAD_BRANCH], repoDir);
git(['checkout', PR_HEAD_BRANCH], repoDir);
// Helper to run git with GITEA_TOKEN via GIT_ASKPASS
import { GITEA_TOKEN } from './config.js';
function gitWithToken(args, cwd) {
const askPassScript = `#!/bin/sh\necho \"${GITEA_TOKEN}\"`;
const askPassPath = path.join(cwd, 'git-askpass.sh');
fs.writeFileSync(askPassPath, askPassScript, { mode: 0o700 });
const result = spawnSync('git', args, {
cwd,
encoding: 'utf8',
env: { ...process.env, GIT_ASKPASS: askPassPath },
});
fs.unlinkSync(askPassPath);
if (result.error) throw result.error;
if (result.status !== 0) throw new Error((result.stderr || result.stdout || '').trim());
return (result.stdout || '').trim();
}
// 將 findings.json 從 workspace 複製到 clone 的 repo
const srcFindings = path.join(workspace, FINDINGS_PATH);