Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 93c3d0ca66 | |||
| 35150cae8a | |||
| e216ca08c5 | |||
| 888bf0b359 |
@@ -11,7 +11,7 @@
|
|||||||
"role": "Leo",
|
"role": "Leo",
|
||||||
"location": "action.yaml:12",
|
"location": "action.yaml:12",
|
||||||
"suggestion": "建議將 `GITEA_TOKEN` 的環境變數設定改回 `GITEA_TOKEN: ${{ inputs.GITEA_TOKEN || secrets.GITEA_TOKEN }}`。目前將其設定為 `required: true` 並移除 `secrets.GITEA_TOKEN` 的 fallback 機制,會導致現有依賴 `secrets.GITEA_TOKEN` 的工作流程中斷,並降低配置的彈性。如果目的是強制透過 `inputs` 傳遞,應在文件明確說明此重大變更及其原因。",
|
"suggestion": "建議將 `GITEA_TOKEN` 的環境變數設定改回 `GITEA_TOKEN: ${{ inputs.GITEA_TOKEN || secrets.GITEA_TOKEN }}`。目前將其設定為 `required: true` 並移除 `secrets.GITEA_TOKEN` 的 fallback 機制,會導致現有依賴 `secrets.GITEA_TOKEN` 的工作流程中斷,並降低配置的彈性。如果目的是強制透過 `inputs` 傳遞,應在文件明確說明此重大變更及其原因。",
|
||||||
"is_new": true
|
"is_new": false
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"level": "warning",
|
"level": "warning",
|
||||||
@@ -19,5 +19,12 @@
|
|||||||
"location": "action.yaml:80",
|
"location": "action.yaml:80",
|
||||||
"suggestion": "在 `runs.env` 區塊中,`GITEA_TOKEN` 現在只從 `inputs` 取得,但 `GITEA_SERVER_URL` 和 `GITEA_REPOSITORY` 仍保留從 `gitea context` 取得的備用機制。這種處理方式的不一致性可能會造成未來的維護困擾。建議統一所有 Gitea 相關變數的取得邏輯,或提供明確的註解說明此差異的原因。",
|
"suggestion": "在 `runs.env` 區塊中,`GITEA_TOKEN` 現在只從 `inputs` 取得,但 `GITEA_SERVER_URL` 和 `GITEA_REPOSITORY` 仍保留從 `gitea context` 取得的備用機制。這種處理方式的不一致性可能會造成未來的維護困擾。建議統一所有 Gitea 相關變數的取得邏輯,或提供明確的註解說明此差異的原因。",
|
||||||
"is_new": false
|
"is_new": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"level": "warning",
|
||||||
|
"role": "Rex",
|
||||||
|
"location": "action.yaml:81",
|
||||||
|
"suggestion": "在 `action.yaml` 中,`GITEA_TOKEN` 的設定從 `secrets.GITEA_TOKEN` 的 fallback 移除,現在僅從 `inputs.GITEA_TOKEN` 取得。雖然 `inputs.GITEA_TOKEN` 可以透過 `secrets.MY_GITEA_TOKEN` 安全地傳遞,但此變更將確保敏感資料安全傳遞的責任完全轉移到工作流程的配置者。請確保所有使用此 action 的工作流程都透過 GitHub/Gitea secrets 將 `GITEA_TOKEN` 傳遞給 `inputs.GITEA_TOKEN`,以避免將敏感令牌硬編碼或暴露在日誌中。",
|
||||||
|
"is_new": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
+41
-8
@@ -6,6 +6,13 @@ const httpsAgent = GITEA_SKIP_TLS_VERIFY ? new https.Agent({ rejectUnauthorized:
|
|||||||
const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
|
const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' });
|
||||||
const api = (path) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${path}`;
|
const api = (path) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${path}`;
|
||||||
|
|
||||||
|
function extractCommitMessage(payload) {
|
||||||
|
return payload?.message
|
||||||
|
|| payload?.commit?.message
|
||||||
|
|| payload?.commit?.commit?.message
|
||||||
|
|| '';
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 取得 PR 的 Git Diff 內容,已自動排除 .gitea/ 資料夾。
|
* 取得 PR 的 Git Diff 內容,已自動排除 .gitea/ 資料夾。
|
||||||
*/
|
*/
|
||||||
@@ -33,8 +40,11 @@ export async function getCommitMessageBySha(sha) {
|
|||||||
timeout: 30000,
|
timeout: 30000,
|
||||||
httpsAgent,
|
httpsAgent,
|
||||||
});
|
});
|
||||||
return resp.data?.message || '';
|
const message = extractCommitMessage(resp.data);
|
||||||
} catch {
|
console.log(` 🔎 bot-check: commit api sha=${sha} keys=${Object.keys(resp.data || {}).join(',') || 'empty'} message=${message ? 'found' : 'empty'}`);
|
||||||
|
return message;
|
||||||
|
} catch (e) {
|
||||||
|
console.log(` ⚠️ bot-check: 讀取 commit sha=${sha} 失敗: ${e.message}`);
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -48,18 +58,41 @@ export async function getBranchHeadCommitMessage(branch = PR_HEAD_BRANCH) {
|
|||||||
httpsAgent,
|
httpsAgent,
|
||||||
});
|
});
|
||||||
const sha = resp.data?.commit?.id || resp.data?.commit?.sha || '';
|
const sha = resp.data?.commit?.id || resp.data?.commit?.sha || '';
|
||||||
|
console.log(` 🔎 bot-check: branch api branch=${branch} keys=${Object.keys(resp.data || {}).join(',') || 'empty'} sha=${sha || 'empty'} message=${extractCommitMessage(resp.data?.commit) ? 'found' : 'empty'}`);
|
||||||
return await getCommitMessageBySha(sha);
|
return await getCommitMessageBySha(sha);
|
||||||
} catch {
|
} catch (e) {
|
||||||
|
console.log(` ⚠️ bot-check: 讀取 branch=${branch} head commit 失敗: ${e.message}`);
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function shouldSkipBotCommit({ sha = PR_HEAD_SHA || process.env.GITHUB_SHA, branch = PR_HEAD_BRANCH } = {}) {
|
export async function shouldSkipBotCommit({ sha = PR_HEAD_SHA || process.env.GITHUB_SHA, branch = PR_HEAD_BRANCH } = {}) {
|
||||||
const candidates = [
|
console.log(` 🔎 bot-check: start PR_HEAD_SHA=${PR_HEAD_SHA || 'empty'} GITHUB_SHA=${process.env.GITHUB_SHA || 'empty'} sha=${sha || 'empty'} branch=${branch || 'empty'}`);
|
||||||
await getCommitMessageBySha(sha),
|
|
||||||
await getBranchHeadCommitMessage(branch),
|
const shaMessage = await getCommitMessageBySha(sha);
|
||||||
].filter(Boolean);
|
if (sha) {
|
||||||
return candidates.some(message => message.includes('[ai-review-bot]'));
|
console.log(` 🔎 bot-check: sha=${sha} message=${shaMessage ? 'found' : 'empty'}`);
|
||||||
|
if (shaMessage.includes('[ai-review-bot]')) {
|
||||||
|
console.log(' ✅ bot-check: matched commit sha marker');
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
console.log(' 🔎 bot-check: skip sha lookup because sha is empty');
|
||||||
|
}
|
||||||
|
|
||||||
|
const branchMessage = await getBranchHeadCommitMessage(branch);
|
||||||
|
if (branch) {
|
||||||
|
console.log(` 🔎 bot-check: branch=${branch} head_message=${branchMessage ? 'found' : 'empty'}`);
|
||||||
|
if (branchMessage.includes('[ai-review-bot]')) {
|
||||||
|
console.log(' ✅ bot-check: matched branch head marker');
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
console.log(' 🔎 bot-check: skip branch lookup because branch is empty');
|
||||||
|
}
|
||||||
|
|
||||||
|
console.log(' ℹ️ bot-check: no [ai-review-bot] marker found');
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
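Review bot: The skip decision in `shouldSkipBotCommit` still rests only on `shaMessage.includes('[ai-review-bot]')` and `branchMessage.includes('[ai-review-bot]')`, and a commit message is text chosen by whoever authored the commit, so any commit carrying that string is treated as the bot's own and the review is skipped. If the review is meant to run on every human-authored commit, pair the marker with an identity check, for example comparing the commit's author or committer from the same API response against the bot account; the response fields are not visible in this section, so confirm what the API returns. At minimum, add a comment above each check such as `// marker is contributor-controlled text; a match alone does not prove the commit came from the bot`. Separately, `getCommitMessageBySha(sha)` and `getBranchHeadCommitMessage(branch)` are awaited before the `if (sha)` and `if (branch)` tests, so the "skip sha lookup" and "skip branch lookup" log lines are printed after the request has already been issued, unless those helpers reject empty input outside the visible hunks. Moving each `await` inside its `if` would make the diagnostics accurate and avoid a request built from an empty value.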