refactor: 改用 execSync

Dockerfile

@@ -1,4 +1,9 @@
-FROM node:20
+FROM alpine
+
+RUN apk add --no-cache bash nodejs npm git \
+    && node --version \
+    && npm --version \
+    && git --version
 
 WORKDIR /action
 

app/git.js

@@ -1,49 +1,35 @@
-import fs from 'fs';
+import { execSync } from 'child_process';
 import path from 'path';
-import axios from 'axios';
-import https from 'https';
-import { GITEA_TOKEN, GITEA_SERVER_URL, GITEA_REPOSITORY, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
+import { GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_TOKEN, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js';
 
-const httpsAgent = new https.Agent({ rejectUnauthorized: false });
-const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
-const api = (p) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${p}`;
+function git(args, cwd) {
+  return execSync(`git ${args.map(a => `'${a.replace(/'/g, "'\\''")}'`).join(' ')}`, { cwd, encoding: 'utf8' }).trim();
+}
 
 export async function commitAndPush(workspace) {
-  try {
-    const fullPath = path.join(workspace, GITEA_REPOSITORY, FINDINGS_PATH);
-    const content = fs.readFileSync(fullPath, 'utf8');
-    const encoded = Buffer.from(content).toString('base64');
-    const url = api(`/repos/${GITEA_REPOSITORY}/contents/${FINDINGS_PATH}`);
+  const repoDir = path.join(workspace, GITEA_REPOSITORY);
+  const remoteUrl = GITEA_SERVER_URL.replace(/\/$/, '')
+    .replace('https://', `https://${GITEA_TOKEN}@`)
+    .replace('http://', `http://${GITEA_TOKEN}@`) + `/${GITEA_REPOSITORY}.git`;
 
-    // 取得現有檔案 SHA（若存在）
-    let sha;
-    try {
-      const res = await axios.get(`${url}?ref=${encodeURIComponent(PR_HEAD_BRANCH)}`, { headers: headers(), httpsAgent, timeout: 15000 });
-      sha = res.data.sha;
-    } catch {
-      sha = undefined;
+  try {
+    git(['config', 'user.email', 'ai-review[bot]@gitea'], repoDir);
+    git(['config', 'user.name', 'AI Review Bot'], repoDir);
+    git(['fetch', 'origin', PR_HEAD_BRANCH], repoDir);
+    git(['checkout', PR_HEAD_BRANCH], repoDir);
+    git(['add', FINDINGS_PATH], repoDir);
+
+    const status = git(['status', '--porcelain'], repoDir);
+    if (!status) {
+      console.log('  findings.json 無變更，跳過 commit');
+      return;
     }
 
-    const payload = JSON.stringify({
-      message: 'chore: update ai-review findings [skip ci]',
-      content: encoded,
-      branch: PR_HEAD_BRANCH,
-      ...(sha ? { sha } : {}),
-    });
-
-    const resp = await axios.request({
-      method: sha ? 'put' : 'post',
-      url,
-      headers: { ...headers(), 'Content-Type': 'application/json' },
-      httpsAgent,
-      timeout: 30000,
-      data: payload,
-    });
-
-    const commitHash = resp.data.commit?.sha?.slice(0, 7) || 'unknown';
+    const out = git(['commit', '-m', 'chore: update ai-review findings [skip ci]'], repoDir);
+    const commitHash = out.match(/\[.+ ([a-f0-9]+)\]/)?.[1] || 'unknown';
+    git(['push', remoteUrl, PR_HEAD_BRANCH], repoDir);
     console.log(`  ✅ persisted findings  commit=${commitHash}  push=${PR_HEAD_BRANCH}`);
   } catch (e) {
-    const detail = e.response?.data ? JSON.stringify(e.response.data) : e.message;
-    console.log(`  ⚠️  Runner failed: commit/push 失敗: ${e.response?.status || ''} ${detail}`);
+    console.log(`  ⚠️  Runner failed: commit/push 失敗: ${e.message}`);
   }
 }