fix: 修正 findings.json 路徑重複問題

Dockerfile

@@ -1,8 +1,4 @@
-FROM node:20-slim
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    git \
-    && rm -rf /var/lib/apt/lists/*
+FROM node:20
 
 WORKDIR /action
 

TODO.md

@@ -27,6 +27,7 @@
 
 ---
 
+
 每個階段都會加上明確的 log，並確保即使部分功能未完成也能降級執行、不會中斷 pipeline。
 
 每次執行後請貼 log，我會協助 debug。

app/git.js

@@ -1,44 +1,49 @@
-import { execSync } from 'child_process';
-import { GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_TOKEN, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
+import fs from 'fs';
+import path from 'path';
+import axios from 'axios';
+import https from 'https';
+import { GITEA_TOKEN, GITEA_SERVER_URL, GITEA_REPOSITORY, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
 
-function exec(cmd, cwd) {
-  return execSync(cmd, { cwd, stdio: 'pipe' }).toString().trim();
-}
-
-/**
- * Commit findings.json 並 push 到 PR 來源分支
- */
-export function commitAndPush(workspace) {
-  const repoDir = `${workspace}/${GITEA_REPOSITORY}`;
-  const remoteUrl = `${GITEA_SERVER_URL.replace(/\/$/, '')}/${GITEA_REPOSITORY}.git`
-    .replace('https://', `https://${GITEA_TOKEN}@`);
+const httpsAgent = new https.Agent({ rejectUnauthorized: false });
+const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
+const api = (p) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${p}`;
 
+export async function commitAndPush(workspace) {
   try {
-    // 設定 git 身份
-    exec('git config user.email "ai-review[bot]@gitea"', repoDir);
-    exec('git config user.name "AI Review Bot"', repoDir);
+    const fullPath = path.join(workspace, FINDINGS_PATH);
+    const content = fs.readFileSync(fullPath, 'utf8');
+    const encoded = Buffer.from(content).toString('base64');
+    const url = api(`/repos/${GITEA_REPOSITORY}/contents/${FINDINGS_PATH}`);
 
-    // 切換到來源分支
-    exec(`git fetch origin ${PR_HEAD_BRANCH}`, repoDir);
-    exec(`git checkout ${PR_HEAD_BRANCH}`, repoDir);
-
-    // 確認 findings.json 存在
-    exec(`git add ${FINDINGS_PATH}`, repoDir);
-
-    // 檢查是否有變更
-    const status = exec('git status --porcelain', repoDir);
-    if (!status) {
-      console.log('  findings.json 無變更，跳過 commit');
-      return;
+    // 取得現有檔案 SHA（若存在）
+    let sha;
+    try {
+      const res = await axios.get(`${url}?ref=${encodeURIComponent(PR_HEAD_BRANCH)}`, { headers: headers(), httpsAgent, timeout: 15000 });
+      sha = res.data.sha;
+    } catch {
+      sha = undefined;
     }
 
-    const commitMsg = 'chore: update ai-review findings [skip ci]';
-    const commitHash = exec(`git commit -m "${commitMsg}"`, repoDir)
-      .match(/\[.+ ([a-f0-9]+)\]/)?.[1] || 'unknown';
+    const payload = JSON.stringify({
+      message: 'chore: update ai-review findings [skip ci]',
+      content: encoded,
+      branch: PR_HEAD_BRANCH,
+      ...(sha ? { sha } : {}),
+    });
 
-    exec(`git push ${remoteUrl} ${PR_HEAD_BRANCH}`, repoDir);
+    const resp = await axios.request({
+      method: sha ? 'put' : 'post',
+      url,
+      headers: { ...headers(), 'Content-Type': 'application/json' },
+      httpsAgent,
+      timeout: 30000,
+      data: payload,
+    });
+
+    const commitHash = resp.data.commit?.sha?.slice(0, 7) || 'unknown';
     console.log(`  ✅ persisted findings  commit=${commitHash}  push=${PR_HEAD_BRANCH}`);
   } catch (e) {
-    console.log(`  ⚠️  Runner failed: commit/push 失敗: ${e.message}`);
+    const detail = e.response?.data ? JSON.stringify(e.response.data) : e.message;
+    console.log(`  ⚠️  Runner failed: commit/push 失敗: ${e.response?.status || ''} ${detail}`);
   }
 }

app/main.js

@@ -91,7 +91,7 @@ async function main() {
 
   // Step5: commit/push findings.json 到來源分支
   console.log('\n💾 Step5: 記憶區 Commit/Push');
-  commitAndPush(WORKSPACE);
+  await commitAndPush(WORKSPACE);
 
   // Step6: 有 critical 問題則 exit 1
   console.log('\n🚦 Step6: 嚴重問題檢查');