fix: 修正 findings.json 路徑重複問題

Dockerfile

@@ -1,8 +1,4 @@
-FROM node:20-slim
+FROM node:20
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    git \
-    && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /action
 

TODO.md

@@ -27,6 +27,7 @@
 
 ---
 
+
 每個階段都會加上明確的 log，並確保即使部分功能未完成也能降級執行、不會中斷 pipeline。
 
 每次執行後請貼 log，我會協助 debug。

app/git.js

@@ -0,0 +1,49 @@
+import fs from 'fs';
+import path from 'path';
+import axios from 'axios';
+import https from 'https';
+import { GITEA_TOKEN, GITEA_SERVER_URL, GITEA_REPOSITORY, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
+
+const httpsAgent = new https.Agent({ rejectUnauthorized: false });
+const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
+const api = (p) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${p}`;
+
+export async function commitAndPush(workspace) {
+  try {
+    const fullPath = path.join(workspace, FINDINGS_PATH);
+    const content = fs.readFileSync(fullPath, 'utf8');
+    const encoded = Buffer.from(content).toString('base64');
+    const url = api(`/repos/${GITEA_REPOSITORY}/contents/${FINDINGS_PATH}`);
+
+    // 取得現有檔案 SHA（若存在）
+    let sha;
+    try {
+      const res = await axios.get(`${url}?ref=${encodeURIComponent(PR_HEAD_BRANCH)}`, { headers: headers(), httpsAgent, timeout: 15000 });
+      sha = res.data.sha;
+    } catch {
+      sha = undefined;
+    }
+
+    const payload = JSON.stringify({
+      message: 'chore: update ai-review findings [skip ci]',
+      content: encoded,
+      branch: PR_HEAD_BRANCH,
+      ...(sha ? { sha } : {}),
+    });
+
+    const resp = await axios.request({
+      method: sha ? 'put' : 'post',
+      url,
+      headers: { ...headers(), 'Content-Type': 'application/json' },
+      httpsAgent,
+      timeout: 30000,
+      data: payload,
+    });
+
+    const commitHash = resp.data.commit?.sha?.slice(0, 7) || 'unknown';
+    console.log(`  ✅ persisted findings  commit=${commitHash}  push=${PR_HEAD_BRANCH}`);
+  } catch (e) {
+    const detail = e.response?.data ? JSON.stringify(e.response.data) : e.message;
+    console.log(`  ⚠️  Runner failed: commit/push 失敗: ${e.response?.status || ''} ${detail}`);
+  }
+}

app/main.js

@@ -3,6 +3,7 @@ import { loadRoles, getRoleIntro } from './roles.js';
 import { getPRDiff, postComment } from './gitea.js';
 import { analyzeWithRole, loadOldFindings, mergeFindings, sortByLevel, deduplicateWithAI } from './findings.js';
 import { saveFindings, postOldFindingsComment, postNewNonCriticalComment, postNewCriticalComments } from './comments.js';
+import { commitAndPush } from './git.js';
 
 const WORKSPACE = process.env.GITHUB_WORKSPACE || '/workspace';
 
@@ -88,11 +89,19 @@ async function main() {
     console.log(`  ⚠️  comment 發布失敗（繼續執行）: ${e.message}`);
   }
 
-  console.log('\n💾 Step5: 記憶區 Commit/Push（待實作）');
+  // Step5: commit/push findings.json 到來源分支
-  console.log('  [stub] commit & push findings.json...');
+  console.log('\n💾 Step5: 記憶區 Commit/Push');
+  await commitAndPush(WORKSPACE);
 
-  console.log('\n🚦 Step6: 嚴重問題檢查（待實作）');
+  // Step6: 有 critical 問題則 exit 1
-  console.log('  [stub] 檢查 critical findings...');
+  console.log('\n🚦 Step6: 嚴重問題檢查');
+  const criticalCount = sorted.filter(f => f.level === 'critical').length;
+  if (criticalCount > 0) {
+    console.log(`  ❌ 發現 ${criticalCount} 個嚴重問題，workflow 結束（exit 1）`);
+    console.log('='.repeat(60));
+    process.exit(1);
+  }
+  console.log('  ✅ 無嚴重問題');
 
   console.log('\n✅ Pipeline 完成');
   console.log('='.repeat(60));