chore: update ai-review findings [ai-review-bot][failure]

fix: fail workflow on bot failure marker
2026-05-15 15:07:27 +00:00 · 2026-05-15 15:05:52 +00:00
2 changed files with 14 additions and 4 deletions
@@ -23,8 +23,8 @@
  {
    "level": "info",
    "role": "Rex",
-    "location": "action.yaml:7-9, app/gitea.js:100-104",
-    "suggestion": "引入 `GITEA_COMMENT_TOKEN` 並在 `postComment` 函數中優先使用它，這是一個很好的安全實踐，遵循最小權限原則。建議為此 token 配置僅限於發布評論的權限，以降低潛在洩漏的風險。",
-    "is_new": false
+    "location": "action.yaml:18",
+    "suggestion": "引入 GITEA_COMMENT_TOKEN 是一個很好的實踐，遵循最小權限原則。請確保為此 token 配置的權限確實僅限於發布評論。同時，與 GITEA_TOKEN 類似，建議使用者始終從 workflow 的 secrets context 傳遞此 token，以避免硬編碼敏感資料。",
+    "is_new": true
  }
 ]
@@ -1,7 +1,7 @@
 import path from 'path';
 import { GITEA_REPOSITORY, PR_NUMBER, PR_HEAD_BRANCH, PR_BASE_BRANCH, getLLMConfig, FINDINGS_PATH, EXCLUSIONS_PATH } from './config.js';
 import { loadRoles, getRoleIntro } from './roles.js';
-import { getPRDiff, postComment, shouldSkipBotCommit } from './gitea.js';
+import { getPRDiff, postComment, getCommitMessageBySha, getBotReviewOutcome, shouldSkipBotCommit } from './gitea.js';
 import { analyzeWithRole, loadOldFindings, mergeFindings, sortByLevel, deduplicateWithAI, loadExclusions, applyExclusions, filterFalsePositivesWithAI } from './findings.js';
 import { saveFindings, postOldFindingsComment, postNewNonCriticalComment, postNewCriticalComments } from './comments.js';
 import { cloneRepo, commitAndPush, getRepoState } from './git.js';
@@ -15,6 +15,16 @@ async function main() {
  console.log(`  repo=${GITEA_REPOSITORY}  PR=#${PR_NUMBER}`);
  console.log(`  ${PR_HEAD_BRANCH} -> ${PR_BASE_BRANCH}`);

+  const headSha = process.env.PR_HEAD_SHA || process.env.GITHUB_SHA || '';
+  const headMessage = await getCommitMessageBySha(headSha);
+  const headOutcome = getBotReviewOutcome(headMessage);
+  console.log(`  🔎 head check: sha=${headSha || 'empty'} outcome=${headOutcome}`);
+  if (headMessage.includes('[ai-review-bot]') && headOutcome === 'failure') {
+    console.log('  ❌ 偵測到 [ai-review-bot][failure]，直接讓 workflow 失敗');
+    console.log('='.repeat(60));
+    process.exit(1);
+  }
+
  if (await shouldSkipBotCommit()) {
    console.log('  🤖 偵測到 [ai-review-bot] 自動提交，直接完成 action');
    console.log('='.repeat(60));
Author	SHA1	Message	Date
AI Review Bot	140c5059f1	chore: update ai-review findings [ai-review-bot][failure]	2026-05-15 15:07:27 +00:00
jiantw83	ce53c67cac	fix: fail workflow on bot failure marker	2026-05-15 15:05:52 +00:00